diff --git a/.github/env b/.github/env index 9be729c777c..adafccd2625 100644 --- a/.github/env +++ b/.github/env @@ -1,3 +1,3 @@ -golang-version=1.22 -kind-version=v0.23.0 -kind-image=kindest/node:v1.30.0 +golang-version=1.23 +kind-version=v0.24.0 +kind-image=kindest/node:v1.31.0 diff --git a/.github/workflows/changed-files.yaml b/.github/workflows/changed-files.yaml new file mode 100644 index 00000000000..60d3459a6ac --- /dev/null +++ b/.github/workflows/changed-files.yaml @@ -0,0 +1,27 @@ +name: changed-files + +on: + workflow_call: + outputs: + non-markdown-files: + description: "changed files list" + value: ${{ jobs.changed-files.outputs.non-markdown-files }} + +jobs: + changed-files: + # Map the job outputs to step outputs + outputs: + non-markdown-files : ${{ steps.changed-files.outputs.non-markdown-files}} + runs-on: ubuntu-latest + steps: + - name: checkout repo + id: checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: get changed files + id: changed-files + run: | + echo non-markdown-files=$(git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -iv .md$ | xargs) >> $GITHUB_OUTPUT + - run: | + echo "${{ steps.changed-files.outputs.non-markdown-files}}" diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index e6ad5aa23fb..1b51ea04eab 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -8,6 +8,10 @@ on: - 'main' tags: - 'v*' +# To cancel running workflow when new commits pushed in a pull request +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: generate: runs-on: ${{ matrix.os }} @@ -26,6 +30,23 @@ jobs: go-version: '${{ env.golang-version }}' check-latest: true - run: make --always-make format generate && git diff --exit-code + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + comment-generate-failure: + if: ${{ failure() }} + permissions: + pull-requests: write + needs: generate + name: Comment troubleshooting message for format and generate failure + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Comment PR + uses: thollander/actions-comment-pull-request@v3 + with: + message: 'Auto-generated files are likely not up-to-date. Please make sure to run `make --always-make format generate`, commit the modifications and push the updated branch.' check-docs: runs-on: ubuntu-latest @@ -39,6 +60,24 @@ jobs: go-version: '${{ env.golang-version }}' check-latest: true - run: make check-docs + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + comment-docs-failure: + if: ${{ failure() }} + permissions: + pull-requests: write + needs: check-docs + name: Comment troubleshooting message for check-docs failure + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Comment PR + uses: thollander/actions-comment-pull-request@v3 + with: + message: | + message: 'Formatting and local/remote links likely not correct. Please make sure to run `make check-docs`, commit the modifications and push the updated branch.' check-golang: runs-on: ubuntu-latest @@ -54,9 +93,9 @@ jobs: - name: go.mod run: make tidy && git diff --exit-code - name: golangci-lint - uses: golangci/golangci-lint-action@v6.0.1 + uses: golangci/golangci-lint-action@v6.1.1 with: - version: v1.57.2 + version: v1.61.0 args: --timeout 10m0s --go ${{ env.golang-version }} check-metrics: @@ -89,6 +128,7 @@ jobs: go-version: '${{ env.golang-version }}' check-latest: true - run: make operator + po-rule-migration: runs-on: ubuntu-latest name: Build Prometheus Operator rule config map to rule file CRDs CLI tool @@ -101,4 +141,3 @@ jobs: go-version: '${{ env.golang-version }}' check-latest: true - run: cd cmd/po-rule-migration && go install - diff --git a/.github/workflows/e2e-feature-gated.yaml b/.github/workflows/e2e-feature-gated.yaml index e2d4c3c7efc..0ff1636a6d3 100644 --- a/.github/workflows/e2e-feature-gated.yaml +++ b/.github/workflows/e2e-feature-gated.yaml @@ -1,8 +1,6 @@ name: e2e-feature-gated on: pull_request: - paths-ignore: - - '**/*.md' push: branches: - 'release-*' @@ -10,11 +8,17 @@ on: - 'main' tags: - 'v*' - paths-ignore: - - '**/*.md' +# To cancel running workflow when new commits pushed in a pull request +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: + changed-files: + uses: ./.github/workflows/changed-files.yaml e2e-tests: name: E2E tests for feature gates + needs: changed-files + if: ${{ needs.changed-files.outputs.non-markdown-files }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/e2e-prometheus3.yaml b/.github/workflows/e2e-prometheus3.yaml new file mode 100644 index 00000000000..b386d3dc098 --- /dev/null +++ b/.github/workflows/e2e-prometheus3.yaml @@ -0,0 +1,109 @@ +name: e2e-prometheus3 + +on: + schedule: + - cron: '30 14 * * *' # Every day 14:30 + +jobs: + e2e-tests: + name: E2E experimental version tests + runs-on: ubuntu-latest + strategy: + # since upgrade test was failing other tests were cancelled, setting this so that other test run + fail-fast: false + matrix: + suite: [alertmanager, prometheus, prometheusAllNS, thanosruler, operatorUpgrade] + include: + - suite: alertmanager + prometheus: "exclude" + prometheusAllNS: "exclude" + alertmanager: "" + thanosruler: "exclude" + operatorUpgrade: "exclude" + - suite: prometheus + prometheus: "" + prometheusAllNS: "exclude" + alertmanager: "exclude" + thanosruler: "exclude" + operatorUpgrade: "exclude" + - suite: prometheusAllNS + prometheus: "exclude" + prometheusAllNS: "" + alertmanager: "exclude" + thanosruler: "exclude" + operatorUpgrade: "exclude" + - suite: thanosruler + prometheus: "exclude" + prometheusAllNS: "exclude" + alertmanager: "exclude" + thanosruler: "" + operatorUpgrade: "exclude" + - suite: operatorUpgrade + prometheus: "exclude" + prometheusAllNS: "exclude" + alertmanager: "exclude" + thanosruler: "exclude" + operatorUpgrade: "" + steps: + - uses: actions/checkout@v4 + - name: Import environment variables from file + run: cat ".github/env" >> $GITHUB_ENV + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: '${{ env.golang-version }}' + check-latest: true + - name: Build images + run: | + export SHELL=/bin/bash + make build image + - name: Start kind cluster + uses: helm/kind-action@v1.10.0 + with: + version: ${{ env.kind-version }} + node_image: ${{ env.kind-image }} + wait: 300s + config: ./test/e2e/kind-conf.yaml + cluster_name: e2e + - name: Wait for cluster to finish bootstraping + run: | + echo "Waiting for all nodes to be ready..." + kubectl wait --for=condition=Ready nodes --all --timeout=120s + kubectl get nodes + echo "Waiting for all pods to be ready..." + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s + kubectl get pods -A + echo "Cluster information" + kubectl cluster-info + - name: Load images + run: | + kind load docker-image -n e2e quay.io/prometheus-operator/prometheus-operator:$(git rev-parse --short HEAD) + kind load docker-image -n e2e quay.io/prometheus-operator/prometheus-config-reloader:$(git rev-parse --short HEAD) + kind load docker-image -n e2e quay.io/prometheus-operator/admission-webhook:$(git rev-parse --short HEAD) + kubectl apply -f scripts/kind-rbac.yaml + - name: Run tests + run: > + TEST_EXPERIMENTAL_PROMETHEUS=true + EXCLUDE_ALERTMANAGER_TESTS=${{ matrix.alertmanager }} + EXCLUDE_PROMETHEUS_TESTS=${{ matrix.prometheus }} + EXCLUDE_PROMETHEUS_ALL_NS_TESTS=${{ matrix.prometheusAllNS }} + EXCLUDE_THANOSRULER_TESTS=${{ matrix.thanosruler }} + EXCLUDE_OPERATOR_UPGRADE_TESTS=${{ matrix.operatorUpgrade }} + EXCLUDE_FEATURE_GATED_TESTS=exclude + EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude + make test-e2e + + # Added to summarize the matrix and allow easy branch protection rules setup + e2e-tests-result: + name: End-to-End Test Results + if: always() + needs: + - e2e-tests + runs-on: ubuntu-latest + steps: + - name: Mark the job as a success + if: needs.e2e-tests.result == 'success' + run: exit 0 + - name: Mark the job as a failure + if: needs.e2e-tests.result != 'success' + run: exit 1 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 5b035ac223f..516e850a772 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -10,12 +10,18 @@ on: - 'main' tags: - 'v*' - paths-ignore: - - '**/*.md' +# To cancel running workflow when new commits pushed in a pull request +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: + changed-files: + uses: ./.github/workflows/changed-files.yaml e2e-tests: name: E2E tests runs-on: ubuntu-latest + needs: changed-files + if: ${{ needs.changed-files.outputs.non-markdown-files }} strategy: matrix: suite: [alertmanager, prometheus, prometheusAllNS, thanosruler, operatorUpgrade] @@ -101,8 +107,9 @@ jobs: # Added to summarize the matrix and allow easy branch protection rules setup e2e-tests-result: name: End-to-End Test Results - if: always() + if: ${{ needs.changed-files.outputs.non-markdown-files }} needs: + - changed-files - e2e-tests runs-on: ubuntu-latest steps: diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 7ce9e7a623e..0593fec80b9 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -25,6 +25,11 @@ jobs: uses: actions/checkout@v4 - name: Import environment variables from file run: cat ".github/env" >> $GITHUB_ENV + - name: Reclaim disk space + run: | + docker image prune --force --all + sudo rm -rf /usr/share/dotnet + sudo rm -rf /usr/local/lib/android - name: Install Go uses: actions/setup-go@v5 with: diff --git a/.github/workflows/test-prom-version-upgrade.yaml b/.github/workflows/test-prom-version-upgrade.yaml index 304cb5d0082..8bbaad8f4a7 100644 --- a/.github/workflows/test-prom-version-upgrade.yaml +++ b/.github/workflows/test-prom-version-upgrade.yaml @@ -41,6 +41,7 @@ jobs: kubectl apply -f scripts/kind-rbac.yaml - name: Run tests run: > + TEST_EXPERIMENTAL_PROMETHEUS=false EXCLUDE_ALL_NS_TESTS=exclude EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index 98bb8271eef..14387c41347 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -10,12 +10,18 @@ on: - 'main' tags: - 'v*' - paths-ignore: - - '**/*.md' +# To cancel running workflow when new commits pushed in a pull request +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: + changed-files: + uses: ./.github/workflows/changed-files.yaml unit-tests: - runs-on: ubuntu-latest name: Unit tests + runs-on: ubuntu-latest + needs: changed-files + if: ${{ needs.changed-files.outputs.non-markdown-files }} steps: - uses: actions/checkout@v4 - name: Import environment variables from file @@ -28,6 +34,8 @@ jobs: extended-tests: runs-on: ubuntu-latest name: Extended tests + needs: changed-files + if: ${{ needs.changed-files.outputs.non-markdown-files }} steps: - uses: actions/checkout@v4 - name: Import environment variables from file diff --git a/.mdox.validate.yaml b/.mdox.validate.yaml index 76221fada54..f75655b7467 100644 --- a/.mdox.validate.yaml +++ b/.mdox.validate.yaml @@ -4,6 +4,9 @@ timeout: "1m" explicitLocalValidators: true validators: + # Skip localhost examples. + - regex: 'localhost' + type: "ignore" # docs.github.com returns 403 if not in browser. Cannot curl as well. - regex: 'docs\.github\.com' type: "ignore" @@ -31,3 +34,8 @@ validators: # Ignore anchor links pointing to the API documentation which are HTML tags and not supported by mdox. - regex: 'api\.md#monitoring\.coreos\.com/v1\.(BasicAuth|PrometheusSpec|StorageSpec)$' type: ignore + # Use the githubPullsIssues validator to avoid rate-limiting. + - regex: '(^http[s]?:\/\/)(www\.)?(github\.com\/)prometheus-operator\/prometheus-operator(\/pull\/|\/issues\/)' + type: githubPullsIssues + # The GitHub actions running mdox configure the GITHUB_TOKEN environment variable. + token: '$(GITHUB_TOKEN)' diff --git a/ADOPTERS.md b/ADOPTERS.md index 2abb806266c..c4fcbee3b01 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -85,6 +85,19 @@ Details: - 800K samples/s - 30M active series +## DACHS IT + +[dachs-it.de](https://dachs-it.de) + +Environments: AWS, Azure, Bare Metal + +Uses [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus): No + +Details (optional): +- HA Pair of Prometheus +- 25k samples/s +- 750k active series + ## Deckhouse [deckhouse.io](https://deckhouse.io/) @@ -135,6 +148,19 @@ Details: - 20000 samples/s - 1M active series +## iFlytek + +https://www.iflytek.com/ + +Environments: iflytek Cloud, etc + +Uses [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus): Yes + +Details (optional): +- One prometheus operator per management cluster and one prometheus instance per workload cluster +- 700000 samples/s +- 30M active series + ## Innovaccer https://innovaccer.com/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ae7e782a7a..8330bf17474 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,79 @@ +## 0.78.2 / 2024-11-21 + +* [BUGFIX] Revert the removal of the `proxyURL` field in `AlertmanagerConfig` CRD. The field takes precedence over `proxyUrl`. #7114 + +## 0.78.1 / 2024-10-30 + +* [BUGFIX] Fix container images for architectures other than `amd64`. #7065 #7066 #7067 + +## 0.78.0 / 2024-10-30 + +* [CHANGE] Allow overlapping compactions by default in Prometheus when the Thanos sidecar is configured with uploads. #6906 +* [CHANGE] Drop support (officially) for Alertmanager less than v0.15. #7057 +* [FEATURE] Add `dnsConfig` and `dnsPolicy` fields to `Alertmanager`, `Prometheus`, `PrometheusAgent` and `ThanosRuler` CRDs. #3889 +* [FEATURE] Add `ruleQueryOffset` field to `Prometheus` CRD and `query_offset` field to `PrometheusRule` CRD. #6957 +* [FEATURE] Add support for Remote Write v2.0 to `Prometheus` and `PrometheusAgent` CRDs. #7033 +* [ENHANCEMENT] Add `goGC` field to `Prometheus` and `PrometheusAgent` CRDs. #6667 +* [BUGFIX] Fix label name validation in `ScrapeConfig` CRD. #6892 +* [BUGFIX] Fix version checking for the `promoteResourceAttributes` field. #7017 + +## 0.77.2 / 2024-10-21 + +* [BUGFIX] Correct HTTP port name for the Kubelet endpoint. #7027 + +## 0.77.1 / 2024-09-25 + +* [BUGFIX] Fix Thanos Ruler reconciliations not triggered on StatefulSet updates. #6964 +* [BUGFIX] Fix error message for unsupported versions. #6965 + +## 0.77.0 / 2024-09-19 + +> [!NOTE] +> Along with this release we also introduce a new command line tool [poctl](https://github.com/prometheus-operator/poctl). It is designed specifically for managing Prometheus Operator Custom Resources. +> This project is currently under active development and fully experimental, so expect breaking changes and rough edges. We encourage you to [try it out](https://github.com/prometheus-operator/poctl/releases/tag/v0.1.0) and provide the feedback. + +> [!WARNING] +> Another notable change is that we have switched the logging framework from [go-kit/log](https://github.com/go-kit/log) to [slog](https://pkg.go.dev/log/slog) which may lead to some differences in the log output. + +* [CHANGE] Add more API validation and changes to the `ScrapeConfig` CRD. #6921 #6855 #6744 +* [CHANGE] Update the validating webhook to reject `PrometheusRule` objects that would generate configuration greater than the max ConfigMap size (512KiB). #6606 +* [FEATURE] Add experimental Prometheus 3 support. It allows to try the new Prometheus `v3.0.0-beta.0`. #6940 + * Feature requests in this version won't be supported until Prometheus 3 reaches a stable release. However, users are encouraged to try the beta version with the Operator and report any issues they encounter. +* [FEATURE] Add support for `PodMonitor` to the `PrometheusAgent` CRD in DaemonSet mode. #6879 +* [FEATURE] Add `-kubelet-endpointslice` argument to support `EndpointSlice` for the kubelet controller. #6882 +* [FEATURE] Add `outOfOrderTimeWindow` field to the `PrometheusAgent` CRD. #6851 +* [FEATURE] Add `matchFirstNetwork` field to the `ScrapeConfig` CRD for the Docker Service Discovery. #6849 #6894 +* [FEATURE] Add the `otlp` field to the `Prometheus` and `PrometheusAgent` CRDs. #6780 +* [FEATURE] Add support for certificate, key and client CA file paths to the web TLS configuration. #6358 +* [FEATURE] Add `noProxy`, `proxyFromEnvironment` and `proxyConnectHeader` fields to the AlertmanagerConfig CRD for OAuth2 clients. #6922 +* [FEATURE] Add `noProxy`, `proxyFromEnvironment` and `proxyConnectHeader` fields to the AlertmanagerConfig CRD for HTTP clients. #6864 +* [FEATURE] Add Ionos Service Discovery support to `ScrapeConfig` CRD. (#6732) +* [BUGFIX] Fix panic when processing an invalid `AlertmanagerConfig` object used for global configuration. #6931 +* [BUGFIX] Allow configuring proxy URL for all Prometheus versions. #6845 + +## 0.76.2 / 2024-09-09 + +* [BUGFIX] Fix OAuth2 TLSConfig nil pointer. #6909 + +## 0.76.1 / 2024-09-03 + +* [BUGFIX] fix bug with Kubernetes service discovery `Selector.Role` field. #6896 + +## 0.76.0 / 2024-08-08 + +* [CHANGE] Enhanced secret management in Prometheus and PrometheusAgent CRDs by switching the secrets field from atomic to listType: set, allowing independent handling of entries by different managers to prevent conflicts and improve deployment stability. #6762 +* [CHANGE] Add API-level validations to Kubernetes SD in the ScrapeConfig CRD. #6678 +* [FEATURE] Add TLS and Proxy settings to OAuth2 configuration for Prometheus and PrometheusAgent CRDs. #6735 +* [FEATURE] Add support for OAuth2 in the ScrapeConfig CRD. #6814 +* [FEATURE] Add scale subresource to the Alertmanger CRD. #6728 +* [FEATURE] Add Scaleway service discovery to the ScrapeConfig CRD. #6711 +* [FEATURE] Add `serviceDiscoveryRole` field to the Prometheus and PrometheusAgent CRDs to select between Endpoints (default) and EndpointSlice for discovering scrape and alerting targets. #6672 +* [ENHANCEMENT] Make the `namespace` field optional in the Alertmanager endpoints configuration of the Prometheus CRD, if not defined it will use the `default` namespace. #6338 +* [ENHANCEMENT] Add support to configure the TLS version for Prometheus, PrometheusAgent and Alertmanager CRDs. #6736 +* [ENHANCEMENT] Add `-secret-label-selector` argument to the operator to filter the Secrets being watched. #6731 +* [ENHANCEMENT] Add `attachMetadata` field to ScrapeClasses. #6756 +* [BUGFIX] Add support for all proxy settings in the Alertmanager configuration. #6818 + ## 0.75.2 / 2024-07-23 * [BUGFIX] Avoid invalid alerting config with TLS. #6765 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 751e244dbd0..bb58e0230e9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,10 +1,10 @@ --- -weight: 120 +weight: 501 toc: true title: Contributing menu: docs: - parent: prologue + parent: community lead: "" lastmod: "2021-03-08T08:48:57+00:00" images: [] @@ -21,23 +21,24 @@ and other resources to make it easier to get your contribution accepted. To maintain a safe and welcoming community, all participants must adhere to the project's [Code of Conduct](code-of-conduct.md). -# Certificate of Origin +## Certificate of Origin By contributing to this project you agree to the Developer Certificate of Origin (DCO). This document was created by the Linux Kernel community and is a simple statement that you, as a contributor, have the legal right to make the contribution. See the [DCO](DCO) file for details. -# Email and Chat +## Email and Chat The project currently uses the [Kubernetes Slack](https://kubernetes.slack.com): + - [#prometheus-operator](https://kubernetes.slack.com/archives/CFFDS2Z7F) - [#prometheus-operator-dev](https://kubernetes.slack.com/archives/C01B03QCSMN) Please avoid emailing maintainers found in the MAINTAINERS file directly. They are very busy and read the mailing lists. -# Office Hours Meetings +## Office Hours Meetings The project also holds bi-weekly public meetings where maintainers, contributors and users of the Prometheus Operator and kube-prometheus can @@ -72,13 +73,15 @@ Thanks for your contributions! ### Changes to the APIs When designing Custom Resource Definitions (CRDs), please refer to the existing Kubernetes guidelines: -* [API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md). -* [API changes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md). + +- [API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md). +- [API changes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md). In particular, this project follows the API stability guidelines: -* For alpha API versions (e.g. `v1alpha1`, `v1alpha2`, ...), we may allow to break forward and backward compatibility (but we'll try hard to avoid it). -* For beta API versions (e.g. `v1beta1`, `v1beta2`, ...), we may allow to break backward compatibility but not forward compatibility. -* For stable API versions (e.g. `v1`), we don't allow to break backward and forward compatibility. + +- For alpha API versions (e.g. `v1alpha1`, `v1alpha2`, ...), we may allow to break forward and backward compatibility (but we'll try hard to avoid it). +- For beta API versions (e.g. `v1beta1`, `v1beta2`, ...), we may allow to break backward compatibility but not forward compatibility. +- For stable API versions (e.g. `v1`), we don't allow to break backward and forward compatibility. ### Format of the Commit Message @@ -86,7 +89,7 @@ We follow a rough convention for commit messages that is designed to answer two questions: what changed and why. The subject line should feature the what and the body of the commit should describe the why. -``` +```bash scripts: add the test-cluster command This uses tmux to setup a test cluster that you can easily kill and @@ -97,7 +100,7 @@ Fixes #38 The format can be described more formally as follows: -``` +```bash : @@ -110,7 +113,7 @@ second line is always blank, and other lines should be wrapped at 80 characters. This allows the message to be easier to read on GitHub as well as in various Git tools. -# Local Development +## Local Development If you want to run Prometheus Operator on your local environment, you can follow the steps below. @@ -118,20 +121,24 @@ If you want to run Prometheus Operator on your local environment, you can follow 2. Run the utility script [scripts/run-external.sh](scripts/run-external.sh), it will check all the requirements and run your local version of the Prometheus Operator on your Kind cluster. -``` +```bash ./scripts/run-external.sh -c ``` + 3. You should now be able to see the logs from the operator in your terminal. The Operator is successully running in your local system and can be debugged, checked for behaviour etc. Similarly, if you work on a specific branch, you can run the `scripts/run-external.sh` script in this branch to deploy it. -# Proposal Process +## Proposal Process -The Prometheus Operator project accepts proposals for new features, enhancements and design documents. -Proposals can be submitted in the form of a pull request using the template below. +The Prometheus Operator project accepts proposals for new features, +enhancements and design documents. The document should be created in the +`Documentation/proposals` directory using the template below, prefixed by +`-` and submitted in the form of a GitHub Pull Request. The process is adopted from the Thanos community. +```markdown mdox-exec="cat Documentation/proposals/template.md" ## Your Proposal Title * **Owners:** @@ -211,3 +218,4 @@ The tasks to do in order to migrate to the new idea. ... +``` diff --git a/DCO b/DCO index 716561d5d28..9d1e477c253 100644 --- a/DCO +++ b/DCO @@ -1,3 +1,15 @@ +--- +weight: 503 +toc: true +title: DCO +menu: + docs: + parent: community +lead: "" +images: [] +draft: false +--- + Developer Certificate of Origin Version 1.1 diff --git a/Dockerfile b/Dockerfile index 12ea770a2bf..a8d6cefb70e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,20 @@ -ARG ARCH="amd64" -ARG OS="linux" +ARG ARCH=amd64 +ARG OS=linux +ARG GOLANG_BUILDER=1.23 +FROM quay.io/prometheus/golang-builder:${GOLANG_BUILDER}-base AS builder +WORKDIR /workspace + +# Copy source files +COPY . . + +# Build +ARG GOARCH +ENV GOARCH=${GOARCH} +RUN make operator + FROM quay.io/prometheus/busybox-${OS}-${ARCH}:latest -COPY operator /bin/operator +COPY --from=builder workspace/operator /bin/operator # On busybox 'nobody' has uid `65534' USER 65534 diff --git a/Documentation/api.md b/Documentation/api.md index a16940d163a..e86e4460e6d 100644 --- a/Documentation/api.md +++ b/Documentation/api.md @@ -4,7 +4,7 @@ description: "Prometheus operator generated API reference docs" draft: false images: [] menu: "operator" -weight: 211 +weight: 151 toc: true --- > This page is automatically generated with `gen-crd-api-reference-docs`. @@ -40,7 +40,9 @@ Resource Types:

Alertmanager

-

Alertmanager describes an Alertmanager cluster.

+

The Alertmanager custom resource definition (CRD) defines a desired Alertmanager setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.

+

For each Alertmanager resource, the Operator deploys a StatefulSet in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.

+

The resource defines via label and namespace selectors which AlertmanagerConfig objects should be associated to the deployed Alertmanager instances.

@@ -468,6 +470,34 @@ This defaults to the default PodSecurityContext.

+ + + + + + + + @@ -793,7 +823,13 @@ More info:

PodMonitor

-

PodMonitor defines monitoring for a set of pods.

+

The PodMonitor custom resource definition (CRD) defines how Prometheus and PrometheusAgent can scrape metrics from a group of pods. +Among other things, it allows to specify: +* The pods to scrape via label selectors. +* The container ports to scrape. +* Authentication credentials to use. +* Target and metric relabeling.

+

Prometheus and PrometheusAgent objects select PodMonitor objects using label and namespace selectors.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
serviceAccountName
string @@ -657,30 +687,30 @@ Kubernetes meta/v1.LabelSelector
-alertmanagerConfigMatcherStrategy
+alertmanagerConfigNamespaceSelector
- -AlertmanagerConfigMatcherStrategy + +Kubernetes meta/v1.LabelSelector
-

The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. -In the future more options may be added.

+

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +check own namespace.

-alertmanagerConfigNamespaceSelector
+alertmanagerConfigMatcherStrategy
- -Kubernetes meta/v1.LabelSelector + +AlertmanagerConfigMatcherStrategy
-

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only -check own namespace.

+

AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects +process incoming alerts.

@@ -889,7 +925,7 @@ associated Kubernetes Pod object onto the ingested metrics.

@@ -902,7 +938,7 @@ Kubernetes meta/v1.LabelSelector @@ -915,8 +951,8 @@ NamespaceSelector @@ -1003,6 +1039,47 @@ uint64 + + + + + + + + + + + + @@ -1067,7 +1144,11 @@ of uncompressed response body that will be accepted by Prometheus.

Probe

-

Probe defines monitoring for a set of static targets or ingresses.

+

The Probe custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the blackbox exporter.

+

The Probe resource needs 2 pieces of information: +* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. +* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, …) as Prometheus metrics.

+

Prometheus and PrometheusAgent objects select Probe objects using label and namespace selectors.

(Optional) -

List of endpoints part of this PodMonitor.

+

Defines how to scrape metrics from the selected pods.

-

Label selector to select the Kubernetes Pod objects.

+

Label selector to select the Kubernetes Pod objects to scrape metrics from.

-

Selector to select which namespaces the Kubernetes Pods objects -are discovered from.

+

namespaceSelector defines in which namespace(s) Prometheus should discover the pods. +By default, the pods are discovered in the same namespace as the PodMonitor object but it is possible to select pods across different/all namespaces.

+scrapeClassicHistograms
+ +bool + +
+(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramBucketLimit
+ +uint64 + +
+(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + +
+(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+
keepDroppedTargets
uint64 @@ -1028,7 +1105,7 @@ AttachMetadata (Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

-

It requires Prometheus >= v2.37.0.

+

It requires Prometheus >= v2.35.0.

@@ -1364,6 +1445,47 @@ Only valid in Prometheus versions 2.27.0 and newer.

+ + + + + + + + + + + + @@ -3130,7 +3362,8 @@ More info:

PrometheusRule

-

PrometheusRule defines recording and alerting rules for a Prometheus instance

+

The PrometheusRule custom resource definition (CRD) defines alerting and recording rules to be evaluated by Prometheus or ThanosRuler objects.

+

Prometheus and ThanosRuler objects select PrometheusRule objects using label and namespace selectors.

+scrapeClassicHistograms
+ +bool + +
+(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramBucketLimit
+ +uint64 + +
+(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + +
+(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+
keepDroppedTargets
uint64 @@ -1396,7 +1518,10 @@ string

Prometheus

-

Prometheus defines a Prometheus deployment.

+

The Prometheus custom resource definition (CRD) defines a desired Prometheus setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.

+

For each Prometheus resource, the Operator deploys one or several StatefulSet objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.

+

The resource defines via label and namespace selectors which ServiceMonitor, PodMonitor, Probe and PrometheusRule objects should be associated to the deployed Prometheus instances.

+

The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.

@@ -1866,6 +1991,22 @@ For more information see +[]RemoteWriteMessageVersion + + + + + + + + + + + + + + + + + + + @@ -2779,6 +2964,52 @@ in a breaking way.

+ + + + + + + + + + + + + + + + - - - -
+(Optional) +

List of the protobuf message versions to accept when receiving the +remote writes.

+

It requires Prometheus >= v2.54.0.

+
enableFeatures
@@ -2120,6 +2261,21 @@ Kubernetes core/v1.Affinity
+otlp
+ + +OTLPConfig + + +
+(Optional) +

Settings related to the OTLP receiver feature. +It requires Prometheus >= v2.55.0.

+
securityContext
@@ -2135,6 +2291,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
listenLocal
bool @@ -2593,7 +2777,8 @@ bool

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to -ClusterFirstWithHostNet automatically.

+ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set +to a different value).

+serviceDiscoveryRole
+ + +ServiceDiscoveryRole + + +
+(Optional) +

Defines the service discovery role used to discover targets from +ServiceMonitor objects and Alertmanager endpoints.

+

If set, the value should be either “Endpoints” or “EndpointSlice”. +If unset, the operator assumes the “Endpoints” role.

+
+tsdb
+ + +TSDBSpec + + +
+(Optional) +

Defines the runtime reloadable configuration of the timeseries database(TSDB). +It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

+
+runtime
+ + +RuntimeConfig + + +
+(Optional) +

RuntimeConfig configures the values for the Prometheus process behavior

+
baseImage
string @@ -3078,6 +3309,21 @@ Default: “30s”

+ruleQueryOffset
+ + +Duration + + +
+(Optional) +

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. +It requires Prometheus >= v2.53.0.

+
enableAdminAPI
bool @@ -3093,20 +3339,6 @@ ensure only clients authorized to perform these actions can do so.

https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis

-tsdb
- - -TSDBSpec - - -
-

Defines the runtime reloadable configuration of the timeseries database -(TSDB).

-
@@ -3206,7 +3439,13 @@ PrometheusRuleSpec

ServiceMonitor

-

ServiceMonitor defines monitoring for a set of services.

+

The ServiceMonitor custom resource definition (CRD) defines how Prometheus and PrometheusAgent can scrape metrics from a group of services. +Among other things, it allows to specify: +* The services to scrape via label selectors. +* The container ports to scrape. +* Authentication credentials to use. +* Target and metric relabeling.

+

Prometheus and PrometheusAgent objects select ServiceMonitor objects using label and namespace selectors.

@@ -3316,8 +3555,9 @@ associated Kubernetes Pod object onto the ingested metrics.

@@ -3330,7 +3570,7 @@ Kubernetes meta/v1.LabelSelector @@ -3343,8 +3583,8 @@ NamespaceSelector @@ -3431,6 +3671,47 @@ uint64 + + + + + + + + + + + +
-(Optional) -

List of endpoints part of this ServiceMonitor.

+

List of endpoints part of this ServiceMonitor. +Defines how to scrape metrics from Kubernetes Endpoints objects. +In most cases, an Endpoints object is backed by a Kubernetes Service object with the same name and labels.

-

Label selector to select the Kubernetes Endpoints objects.

+

Label selector to select the Kubernetes Endpoints objects to scrape metrics from.

-

Selector to select which namespaces the Kubernetes Endpoints objects -are discovered from.

+

namespaceSelector defines in which namespace(s) Prometheus should discover the services. +By default, the services are discovered in the same namespace as the ServiceMonitor object but it is possible to select pods across different/all namespaces.

+scrapeClassicHistograms
+ +bool + +
+(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramBucketLimit
+ +uint64 + +
+(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + +
+(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+
keepDroppedTargets
uint64 @@ -3495,7 +3776,9 @@ of uncompressed response body that will be accepted by Prometheus.

ThanosRuler

-

ThanosRuler defines a ThanosRuler deployment.

+

The ThanosRuler custom resource definition (CRD) defines a desired Thanos Ruler setup to run in a Kubernetes cluster.

+

A ThanosRuler instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).

+

The resource defines via label and namespace selectors which PrometheusRule objects should be associated to the deployed Thanos Ruler instances.

@@ -3724,6 +4007,34 @@ This defaults to the default PodSecurityContext.

+ + + + + + + + @@ -4432,7 +4743,6 @@ in clear-text. Prefer using authorization.

(Appears on:AlertmanagerSpec)

-

AlertmanagerConfigMatcherStrategy defines the strategy used by AlertmanagerConfig objects to match alerts.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
priorityClassName
string @@ -4421,7 +4732,7 @@ in clear-text. Prefer using authorization.

-

AlertmanagerEndpoints Prometheus should fire alerts against.

+

Alertmanager endpoints where Prometheus should send alerts to.

@@ -4446,29 +4756,57 @@ in clear-text. Prefer using authorization.

type
-string + +AlertmanagerConfigMatcherStrategyType +
-

If set to OnNamespace, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. -None will not add any additional matchers other than the ones specified in the AlertmanagerConfig. -Default is OnNamespace.

+

AlertmanagerConfigMatcherStrategyType defines the strategy used by +AlertmanagerConfig objects to match alerts in the routes and inhibition +rules.

+

The default value is OnNamespace.

-

AlertmanagerConfiguration -

+

AlertmanagerConfigMatcherStrategyType +(string alias)

-(Appears on:AlertmanagerSpec) +(Appears on:AlertmanagerConfigMatcherStrategy)

-

AlertmanagerConfiguration defines the Alertmanager configuration.

- + + + + + + + + + +
FieldValueDescription

"None"

With None, the route and inhbition rules of an AlertmanagerConfig +object process all incoming alerts.

+

"OnNamespace"

With OnNamespace, the route and inhibition rules of an +AlertmanagerConfig object only process alerts that have a namespace +label equal to the namespace of the object.

+
+

AlertmanagerConfiguration +

+

+(Appears on:AlertmanagerSpec) +

+
+

AlertmanagerConfiguration defines the Alertmanager configuration.

+
+ + + + @@ -4541,7 +4879,10 @@ string @@ -5232,6 +5573,34 @@ This defaults to the default PodSecurityContext.

+ + + + + + + + @@ -5615,6 +5984,17 @@ int32 + + + + @@ -6530,6 +6912,22 @@ For more information see +[]RemoteWriteMessageVersion + + + + + + + + + + + + + + + + + + + @@ -7441,6 +7883,38 @@ PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

in a breaking way.

+ + + + + + + +
Field Description
+(Optional)

Namespace of the Endpoints object.

+

If not set, the object will be discovered in the namespace of the +Prometheus object.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
serviceAccountName
string @@ -5421,30 +5790,30 @@ Kubernetes meta/v1.LabelSelector
-alertmanagerConfigMatcherStrategy
+alertmanagerConfigNamespaceSelector
- -AlertmanagerConfigMatcherStrategy + +Kubernetes meta/v1.LabelSelector
-

The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. -In the future more options may be added.

+

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +check own namespace.

-alertmanagerConfigNamespaceSelector
+alertmanagerConfigMatcherStrategy
- -Kubernetes meta/v1.LabelSelector + +AlertmanagerConfigMatcherStrategy
-

Namespaces to be selected for AlertmanagerConfig discovery. If nil, only -check own namespace.

+

AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects +process incoming alerts.

+selector
+ +string + +
+

The selector used to match the pods targeted by this Alertmanager object.

+
conditions
@@ -5777,7 +6157,7 @@ string

AttachMetadata

-(Appears on:PodMonitorSpec, ServiceMonitorSpec) +(Appears on:PodMonitorSpec, ScrapeClass, ServiceMonitorSpec)

@@ -5798,8 +6178,10 @@ bool
(Optional) -

When set to true, Prometheus must have the get permission on the -Nodes objects.

+

When set to true, Prometheus attaches node metadata to the discovered +targets.

+

The Prometheus service account must have the list and watch +permissions on the Nodes objects.

+(Optional) +

List of the protobuf message versions to accept when receiving the +remote writes.

+

It requires Prometheus >= v2.54.0.

+
enableFeatures
@@ -6784,6 +7182,21 @@ Kubernetes core/v1.Affinity
+otlp
+ + +OTLPConfig + + +
+(Optional) +

Settings related to the OTLP receiver feature. +It requires Prometheus >= v2.55.0.

+
securityContext
@@ -6799,6 +7212,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
listenLocal
bool @@ -7257,7 +7698,8 @@ bool

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to -ClusterFirstWithHostNet automatically.

+ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set +to a different value).

+serviceDiscoveryRole
+ + +ServiceDiscoveryRole + + +
+(Optional) +

Defines the service discovery role used to discover targets from +ServiceMonitor objects and Alertmanager endpoints.

+

If set, the value should be either “Endpoints” or “EndpointSlice”. +If unset, the operator assumes the “Endpoints” role.

+
+tsdb
+ + +TSDBSpec + + +
+(Optional) +

Defines the runtime reloadable configuration of the timeseries database(TSDB). +It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

+

Condition @@ -7795,10 +8269,46 @@ be ignored. A null or empty list means only match against labelSelector.

+

DNSPolicy +(string alias)

+

+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec) +

+
+

DNSPolicy specifies the DNS policy for the pod.

+
+ + + + + + + + + + + + + + + + +
ValueDescription

"ClusterFirst"

DNSClusterFirst indicates that the pod should use cluster DNS +first unless hostNetwork is true, if it is available, then +fall back on the default (as determined by kubelet) DNS settings.

+

"ClusterFirstWithHostNet"

DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS +first, if it is available, then fall back on the default +(as determined by kubelet) DNS settings.

+

"Default"

DNSDefault indicates that the pod should use the default (as +determined by kubelet) DNS settings.

+

"None"

DNSNone indicates that the pod should use empty DNS settings. DNS +parameters such as nameservers and search paths should be defined via +DNSConfig.

+

Duration (string alias)

-(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, PrometheusTracingConfig, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PuppetDBSDConfig, PushoverConfig, ScrapeConfigSpec, PushoverConfig) +(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, PrometheusTracingConfig, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PuppetDBSDConfig, PushoverConfig, ScalewaySDConfig, ScrapeConfigSpec, PushoverConfig)

Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. @@ -8081,7 +8591,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.

+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).

@@ -8698,14 +9208,58 @@ SafeTLSConfig -proxyURL
+proxyUrl
string (Optional) -

Optional proxy URL.

+

proxyURL defines the HTTP proxy server to use.

+ + + + +noProxy
+ +string + + + +(Optional) +

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + +proxyFromEnvironment
+ +bool + + + +(Optional) +

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + +proxyConnectHeader
+ + +map[string][]k8s.io/api/core/v1.SecretKeySelector + + + + +(Optional) +

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -8928,6 +9482,65 @@ list restricting them.

+

NativeHistogramConfig +

+

+(Appears on:PodMonitorSpec, ProbeSpec, ServiceMonitorSpec, ScrapeConfigSpec) +

+
+

NativeHistogramConfig extends the native histogram configuration settings.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+scrapeClassicHistograms
+ +bool + +
+(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramBucketLimit
+ +uint64 + +
+(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + +
+(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+

NonEmptyDuration (string alias)

@@ -8942,7 +9555,7 @@ Examples: 30s, 1m, 1h20m15s, 15dOAuth2

-(Appears on:Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, HTTPConfig) +(Appears on:Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

OAuth2 configures OAuth2 settings.

@@ -9018,28 +9631,129 @@ map[string]string URL.

- - -

OAuth2ValidationError -

-
-
- - - - - - - - + + + + + + + + + + + + + + + + + + + +
FieldDescription
-err
+tlsConfig
-string + +SafeTLSConfig + + +
+(Optional) +

TLS configuration to use when connecting to the OAuth2 server. +It requires Prometheus >= v2.43.0.

+
+proxyUrl
+ +string + +
+(Optional) +

proxyURL defines the HTTP proxy server to use.

+
+noProxy
+ +string + +
+(Optional) +

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyFromEnvironment
+ +bool + +
+(Optional) +

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyConnectHeader
+ + +map[string][]k8s.io/api/core/v1.SecretKeySelector + + +
+(Optional) +

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+

OAuth2ValidationError +

+
+
+ + + + + + + + + + + + + +
FieldDescription
+err
+ +string + +
+
+

OTLPConfig +

+

+(Appears on:CommonPrometheusFields) +

+
+

OTLPConfig is the configuration for writing to the OTLP endpoint.

+
+ + + + + + + + + + @@ -9109,6 +9823,105 @@ string
FieldDescription
+promoteResourceAttributes
+ +[]string
+(Optional) +

List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.

+

PodDNSConfig +

+

+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec) +

+
+

PodDNSConfig defines the DNS parameters of a pod in addition to +those generated from DNSPolicy.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+nameservers
+ +[]string + +
+

A list of DNS name server IP addresses. +This will be appended to the base nameservers generated from DNSPolicy.

+
+searches
+ +[]string + +
+

A list of DNS search domains for host-name lookup. +This will be appended to the base search paths generated from DNSPolicy.

+
+options
+ + +[]PodDNSConfigOption + + +
+

A list of DNS resolver options. +This will be merged with the base options generated from DNSPolicy. +Resolution options given in Options +will override those that appear in the base DNSPolicy.

+
+

PodDNSConfigOption +

+

+(Appears on:PodDNSConfig) +

+
+

PodDNSConfigOption defines DNS resolver options of a pod.

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name is required and must be unique.

+
+value
+ +string + +
+

Value is optional.

+

PodMetricsEndpoint

@@ -9483,7 +10296,7 @@ associated Kubernetes Pod object onto the ingested metrics.

(Optional) -

List of endpoints part of this PodMonitor.

+

Defines how to scrape metrics from the selected pods.

@@ -9496,7 +10309,7 @@ Kubernetes meta/v1.LabelSelector -

Label selector to select the Kubernetes Pod objects.

+

Label selector to select the Kubernetes Pod objects to scrape metrics from.

@@ -9509,8 +10322,8 @@ NamespaceSelector -

Selector to select which namespaces the Kubernetes Pods objects -are discovered from.

+

namespaceSelector defines in which namespace(s) Prometheus should discover the pods. +By default, the pods are discovered in the same namespace as the PodMonitor object but it is possible to select pods across different/all namespaces.

@@ -9597,6 +10410,47 @@ uint64 +scrapeClassicHistograms
+ +bool + + + +(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramBucketLimit
+ +uint64 + + + +(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + + + +(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+ + + + keepDroppedTargets
uint64 @@ -9622,7 +10476,7 @@ AttachMetadata (Optional)

attachMetadata defines additional metadata which is added to the discovered targets.

-

It requires Prometheus >= v2.37.0.

+

It requires Prometheus >= v2.35.0.

@@ -9913,6 +10767,47 @@ Only valid in Prometheus versions 2.27.0 and newer.

+scrapeClassicHistograms
+ +bool + + + +(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramBucketLimit
+ +uint64 + + + +(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + + + +(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+ + + + keepDroppedTargets
uint64 @@ -10704,25 +11599,41 @@ For more information see -[]EnableFeature + +[]RemoteWriteMessageVersion (Optional) -

Enable access to Prometheus feature flags. By default, no features are enabled.

-

Enabling features which are disabled by default is entirely outside the -scope of what the maintainers will support and by doing so, you accept -that this behaviour may break at any time without notice.

-

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

+

List of the protobuf message versions to accept when receiving the +remote writes.

+

It requires Prometheus >= v2.54.0.

-externalUrl
+enableFeatures
+ + +[]EnableFeature + + + + +(Optional) +

Enable access to Prometheus feature flags. By default, no features are enabled.

+

Enabling features which are disabled by default is entirely outside the +scope of what the maintainers will support and by doing so, you accept +that this behaviour may break at any time without notice.

+

For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/

+ + + + +externalUrl
string @@ -10958,6 +11869,21 @@ Kubernetes core/v1.Affinity +otlp
+ + +OTLPConfig + + + + +(Optional) +

Settings related to the OTLP receiver feature. +It requires Prometheus >= v2.55.0.

+ + + + securityContext
@@ -10973,6 +11899,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ +
+DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool @@ -11431,7 +12385,8 @@ bool

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to -ClusterFirstWithHostNet automatically.

+ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set +to a different value).

@@ -11617,6 +12572,52 @@ in a breaking way.

+serviceDiscoveryRole
+ + +ServiceDiscoveryRole + + + + +(Optional) +

Defines the service discovery role used to discover targets from +ServiceMonitor objects and Alertmanager endpoints.

+

If set, the value should be either “Endpoints” or “EndpointSlice”. +If unset, the operator assumes the “Endpoints” role.

+ + + + +tsdb
+ + +TSDBSpec + + + + +(Optional) +

Defines the runtime reloadable configuration of the timeseries database(TSDB). +It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

+ + + + +runtime
+ + +RuntimeConfig + + + + +(Optional) +

RuntimeConfig configures the values for the Prometheus process behavior

+ + + + baseImage
string @@ -11916,6 +12917,21 @@ Default: “30s”

+ruleQueryOffset
+ + +Duration + + + + +(Optional) +

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. +It requires Prometheus >= v2.53.0.

+ + + + enableAdminAPI
bool @@ -11931,20 +12947,6 @@ ensure only clients authorized to perform these actions can do so.

https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis

- - -tsdb
- - -TSDBSpec - - - - -

Defines the runtime reloadable configuration of the timeseries database -(TSDB).

- -

PrometheusStatus @@ -12264,7 +13266,7 @@ A zero value means that Prometheus doesn’t accept any incoming connection.

ProxyConfig

-(Appears on:RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec) +(Appears on:HTTPConfig, OAuth2, RemoteReadSpec, RemoteWriteSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)

@@ -12286,7 +13288,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -12301,7 +13302,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12313,9 +13314,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12331,7 +13331,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12750,6 +13750,7 @@ Duration
+(Optional)

Timeout for requests to the remote read endpoint.

@@ -12875,7 +13876,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -12890,7 +13890,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12902,9 +13902,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12920,7 +13919,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -12951,6 +13950,28 @@ bool +

RemoteWriteMessageVersion +(string alias)

+

+(Appears on:CommonPrometheusFields, RemoteWriteSpec) +

+
+
+ + + + + + + + + + + + +
ValueDescription

"V1.0"

Remote Write message’s version 1.0.

+

"V2.0"

Remote Write message’s version 2.0.

+

RemoteWriteSpec

@@ -12987,6 +14008,7 @@ string +(Optional)

The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues.

It requires Prometheus >= v2.15.0.

@@ -12994,6 +14016,27 @@ name is used in metrics and logging in order to differentiate queues.

+messageVersion
+ + +RemoteWriteMessageVersion + + + + +(Optional) +

The Remote Write message’s version to use when writing to the endpoint.

+

Version1.0 corresponds to the prometheus.WriteRequest protobuf message introduced in Remote Write 1.0. +Version2.0 corresponds to the io.prometheus.write.v2.Request protobuf message introduced in Remote Write 2.0.

+

When Version2.0 is selected, Prometheus will automatically be +configured to append the metadata of scraped metrics to the WAL.

+

Before setting this field, consult with your remote storage provider +what message version it supports.

+

It requires Prometheus >= v2.54.0.

+ + + + sendExemplars
bool @@ -13002,7 +14045,7 @@ bool (Optional)

Enables sending of exemplars over remote write. Note that -exemplar-storage itself must be enabled using the spec.enableFeature +exemplar-storage itself must be enabled using the spec.enableFeatures option for exemplars to be scraped in the first place.

It requires Prometheus >= v2.27.0.

@@ -13031,6 +14074,7 @@ Duration
+(Optional)

Timeout for requests to the remote write endpoint.

@@ -13190,7 +14234,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -13205,7 +14248,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -13217,9 +14260,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -13235,7 +14277,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -13443,6 +14485,22 @@ Duration +query_offset
+ + +Duration + + + + +(Optional) +

Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.

+

It requires Prometheus >= v2.53.0. +It is not supported for ThanosRuler.

+ + + + rules
@@ -13569,10 +14627,41 @@ Alertmanager.

+

RuntimeConfig +

+

+(Appears on:PrometheusSpec) +

+
+

RuntimeConfig configures the values for the process behavior.

+
+ + + + + + + + + + + + + +
FieldDescription
+goGC
+ +int32 + +
+(Optional) +

The Go garbage collection target percentage. Lowering this number may increase the CPU usage. +See: https://tip.golang.org/doc/gc-guide#GOGC

+

SafeAuthorization

-(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

SafeAuthorization specifies a subset of the Authorization struct, that is @@ -13618,7 +14707,7 @@ Kubernetes core/v1.SecretKeySelector

SafeTLSConfig

-(Appears on:HTTPConfig, PodMetricsEndpoint, ProbeSpec, TLSConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig) +(Appears on:HTTPConfig, OAuth2, PodMetricsEndpoint, ProbeSpec, TLSConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)

SafeTLSConfig specifies safe TLS configuration parameters.

@@ -13694,6 +14783,36 @@ bool

Disable target certificate validation.

+ + +minVersion
+ + +TLSVersion + + + + +(Optional) +

Minimum acceptable TLS version.

+

It requires Prometheus >= v2.35.0.

+ + + + +maxVersion
+ + +TLSVersion + + + + +(Optional) +

Maximum acceptable TLS version.

+

It requires Prometheus >= v2.41.0.

+ +

ScrapeClass @@ -13790,6 +14909,22 @@ Then the Operator adds namespace enforcement relabeling rule, specified in &lsqu

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs

+ + +attachMetadata
+ + +AttachMetadata + + + + +(Optional) +

AttachMetadata configures additional metadata to the discovered targets. +When the scrape object defines its own configuration, it takes +precedence over the scrape class configuration.

+ +

ScrapeProtocol @@ -13849,6 +14984,26 @@ Kubernetes core/v1.ConfigMapKeySelector +

ServiceDiscoveryRole +(string alias)

+

+(Appears on:CommonPrometheusFields) +

+
+
+ + + + + + + + + + + + +
ValueDescription

"EndpointSlice"

"Endpoints"

ServiceMonitorSpec

@@ -13919,8 +15074,9 @@ associated Kubernetes Pod object onto the ingested metrics.

-(Optional) -

List of endpoints part of this ServiceMonitor.

+

List of endpoints part of this ServiceMonitor. +Defines how to scrape metrics from Kubernetes Endpoints objects. +In most cases, an Endpoints object is backed by a Kubernetes Service object with the same name and labels.

@@ -13933,7 +15089,7 @@ Kubernetes meta/v1.LabelSelector -

Label selector to select the Kubernetes Endpoints objects.

+

Label selector to select the Kubernetes Endpoints objects to scrape metrics from.

@@ -13946,8 +15102,8 @@ NamespaceSelector -

Selector to select which namespaces the Kubernetes Endpoints objects -are discovered from.

+

namespaceSelector defines in which namespace(s) Prometheus should discover the services. +By default, the services are discovered in the same namespace as the ServiceMonitor object but it is possible to select pods across different/all namespaces.

@@ -14034,59 +15190,100 @@ uint64 -keepDroppedTargets
+scrapeClassicHistograms
-uint64 +bool (Optional) -

Per-scrape limit on the number of targets dropped by relabeling -that will be kept in memory. 0 means no limit.

-

It requires Prometheus >= v2.47.0.

+

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

-attachMetadata
+nativeHistogramBucketLimit
- -AttachMetadata - +uint64 (Optional) -

attachMetadata defines additional metadata which is added to the -discovered targets.

-

It requires Prometheus >= v2.37.0.

+

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

-scrapeClass
+nativeHistogramMinBucketFactor
-string +k8s.io/apimachinery/pkg/api/resource.Quantity (Optional) -

The scrape class to apply.

+

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

-bodySizeLimit
+keepDroppedTargets
- -ByteSize - +uint64 (Optional) -

When defined, bodySizeLimit specifies a job level limit on the size -of uncompressed response body that will be accepted by Prometheus.

+

Per-scrape limit on the number of targets dropped by relabeling +that will be kept in memory. 0 means no limit.

+

It requires Prometheus >= v2.47.0.

+ + + + +attachMetadata
+ + +AttachMetadata + + + + +(Optional) +

attachMetadata defines additional metadata which is added to the +discovered targets.

+

It requires Prometheus >= v2.37.0.

+ + + + +scrapeClass
+ +string + + + +(Optional) +

The scrape class to apply.

+ + + + +bodySizeLimit
+ + +ByteSize + + + + +(Optional) +

When defined, bodySizeLimit specifies a job level limit on the size +of uncompressed response body that will be accepted by Prometheus.

It requires Prometheus >= v2.28.0.

@@ -14409,6 +15606,36 @@ bool +minVersion
+ + +TLSVersion + + + + +(Optional) +

Minimum acceptable TLS version.

+

It requires Prometheus >= v2.35.0.

+ + + + +maxVersion
+ + +TLSVersion + + + + +(Optional) +

Maximum acceptable TLS version.

+

It requires Prometheus >= v2.41.0.

+ + + + caFile
string @@ -14442,10 +15669,34 @@ string +

TLSVersion +(string alias)

+

+(Appears on:SafeTLSConfig) +

+
+
+ + + + + + + + + + + + + + + + +
ValueDescription

"TLS10"

"TLS11"

"TLS12"

"TLS13"

TSDBSpec

-(Appears on:PrometheusSpec) +(Appears on:CommonPrometheusFields)

@@ -14467,13 +15718,14 @@ Duration
+(Optional)

Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time.

An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).

This is an experimental feature, it may change in any upcoming release in a breaking way.

-

It requires Prometheus >= v2.39.0.

+

It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

@@ -14668,6 +15920,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + priorityClassName
string @@ -15284,7 +16564,7 @@ int32 (Optional) -

The current state of the Alertmanager object.

+

The current state of the ThanosRuler object.

@@ -16083,20 +17363,20 @@ domain and subdomains over HTTPS. -keySecret
+cert
- -Kubernetes core/v1.SecretKeySelector + +SecretOrConfigMap -

Secret containing the TLS key for the server.

+

Contains the TLS certificate for the server.

-cert
+client_ca
SecretOrConfigMap @@ -16104,33 +17384,33 @@ SecretOrConfigMap -

Contains the TLS certificate for the server.

+

Contains the CA certificate for client certificate authentication to the server.

-clientAuthType
+keySecret
-string +
+Kubernetes core/v1.SecretKeySelector + -

Server policy for client authentication. Maps to ClientAuth Policies. -For more detail on clientAuth options: -https://golang.org/pkg/crypto/tls/#ClientAuthType

+

Secret containing the TLS key for the server.

-client_ca
+clientAuthType
- -SecretOrConfigMap - +string -

Contains the CA certificate for client certificate authentication to the server.

+

Server policy for client authentication. Maps to ClientAuth Policies. +For more detail on clientAuth options: +https://golang.org/pkg/crypto/tls/#ClientAuthType

@@ -16195,6 +17475,42 @@ order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID

+ + +keyFile
+ +string + + + +

Path to the TLS key file in the Prometheus container for the server. +Mutually exclusive with keySecret.

+ + + + +certFile
+ +string + + + +

Path to the TLS certificate file in the Prometheus container for the server. +Mutually exclusive with cert.

+ + + + +clientCAFile
+ +string + + + +

Path to the CA certificate file for client certificate authentication to the server. +Mutually exclusive with client_ca.

+ +
@@ -16332,7 +17648,8 @@ the resource’s namespace.

PrometheusAgent

-

PrometheusAgent defines a Prometheus agent deployment.

+

The PrometheusAgent custom resource definition (CRD) defines a desired Prometheus Agent setup to run in a Kubernetes cluster.

+

The CRD is very similar to the Prometheus CRD except for features which aren’t available in agent mode like rule evaluation, persistent storage and Thanos sidecar.

@@ -16816,6 +18133,22 @@ For more information see +[]RemoteWriteMessageVersion + + + + + + + + + + + + + + + + + + + @@ -17727,6 +19104,38 @@ PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

in a breaking way.

+ + + + + + + +
+(Optional) +

List of the protobuf message versions to accept when receiving the +remote writes.

+

It requires Prometheus >= v2.54.0.

+
enableFeatures
@@ -17070,6 +18403,21 @@ Kubernetes core/v1.Affinity
+otlp
+ + +OTLPConfig + + +
+(Optional) +

Settings related to the OTLP receiver feature. +It requires Prometheus >= v2.55.0.

+
securityContext
@@ -17085,6 +18433,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
listenLocal
bool @@ -17543,7 +18919,8 @@ bool

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to -ClusterFirstWithHostNet automatically.

+ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set +to a different value).

+serviceDiscoveryRole
+ + +ServiceDiscoveryRole + + +
+(Optional) +

Defines the service discovery role used to discover targets from +ServiceMonitor objects and Alertmanager endpoints.

+

If set, the value should be either “Endpoints” or “EndpointSlice”. +If unset, the operator assumes the “Endpoints” role.

+
+tsdb
+ + +TSDBSpec + + +
+(Optional) +

Defines the runtime reloadable configuration of the timeseries database(TSDB). +It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

+
@@ -18046,7 +19455,7 @@ operator to prevent duplicate job names, which Prometheus does not allow. Instea -NomadSDConfigs
+nomadSDConfigs
[]NomadSDConfig @@ -18116,6 +19525,34 @@ operator to prevent duplicate job names, which Prometheus does not allow. Instea +scalewaySDConfigs
+ +
+[]ScalewaySDConfig + + + + +(Optional) +

ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations.

+ + + + +ionosSDConfigs
+ + +[]IonosSDConfig + + + + +(Optional) +

IonosSDConfigs defines a list of IONOS service discovery configurations.

+ + + + relabelings
@@ -18296,7 +19733,21 @@ SafeAuthorization -tlsConfig
+oauth2
+ +
+OAuth2 + + + + +(Optional) +

OAuth2 configuration to use on every scrape request.

+ + + + +tlsConfig
SafeTLSConfig @@ -18373,6 +19824,47 @@ Only valid in Prometheus versions 2.27.0 and newer.

+scrapeClassicHistograms
+ +bool + + + +(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramBucketLimit
+ +uint64 + + + +(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+ + + + +nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + + + +(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+ + + + keepDroppedTargets
uint64 @@ -18409,7 +19901,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -18424,7 +19915,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -18436,9 +19927,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -18454,7 +19944,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -18480,9 +19970,12 @@ string (Appears on:
AlertmanagerConfig)

-

AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. -By definition, the Alertmanager configuration only applies to alerts for which -the namespace label is equal to the namespace of the AlertmanagerConfig resource.

+

AlertmanagerConfigSpec is a specification of the desired behavior of the +Alertmanager configuration. +By default, the Alertmanager configuration only applies to alerts for which +the namespace label is equal to the namespace of the AlertmanagerConfig +resource (see the .spec.alertmanagerConfigMatcherStrategy field of the +Alertmanager CRD).

@@ -18940,7 +20433,6 @@ string @@ -18955,7 +20447,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -18967,9 +20459,8 @@ bool @@ -18985,7 +20476,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19030,6 +20521,32 @@ SafeTLSConfig
(Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+

DNSRecordType +(string alias)

+

+(Appears on:DNSSDConfig) +

+
+
+ + + + + + + + + + + + + + + + + + +
ValueDescription

"A"

"AAAA"

"MX"

"NS"

"SRV"

DNSSDConfig

@@ -19078,21 +20595,24 @@ If not set, Prometheus uses its default value.

type
-string + +DNSRecordType + (Optional)

The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. If not set, Prometheus uses its default value.

-

When set to NS, It requires Prometheus >= 2.49.0.

+

When set to NS, it requires Prometheus >= v2.49.0. +When set to MX, it requires Prometheus >= v2.38.0

port
-int +int32 @@ -19201,7 +20721,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -19216,7 +20735,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19228,9 +20747,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19246,7 +20764,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19399,44 +20917,6 @@ HTTPConfig -

DockerFilter -

-

-(Appears on:DockerSDConfig) -

-
-

DockerFilter is the configuration to limit the discovery process to a subset of available resources.

-
- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-
-values
- -[]string - -
-

DockerSDConfig

@@ -19477,7 +20957,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -19492,7 +20971,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19504,9 +20983,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19522,7 +21000,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19565,10 +21043,24 @@ string +matchFirstNetwork
+ +bool + + + +(Optional) +

Configure whether to match the first network if the container has multiple networks defined. +If unset, Prometheus uses true by default. +It requires Prometheus >= v2.54.1.

+ + + + filters
- -DockerFilter + +Filters @@ -19661,46 +21153,6 @@ bool -

DockerSwarmFilter -

-

-(Appears on:DockerSwarmSDConfig) -

-
-

Filter is the configuration to limit the discovery process to a subset of available resources.

-
- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the key of the field to check against.

-
-values
- -[]string - -
-

Values is the value or set of values to check for a match.

-

DockerSwarmSDConfig

@@ -19757,8 +21209,8 @@ tasks and services that don’t have published ports.

filters
- -[]DockerSwarmFilter + +Filters @@ -19839,7 +21291,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -19854,7 +21305,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19866,9 +21317,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19884,7 +21334,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -19927,44 +21377,6 @@ bool -

EC2Filter -

-

-(Appears on:EC2SDConfig) -

-
-

EC2Filter is the configuration for filtering EC2 instances.

-
- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-
-values
- -[]string - -
-

EC2SDConfig

@@ -19975,6 +21387,8 @@ string The private IP address is used by default, but may be changed to the public IP address with relabeling. The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config

+

The EC2 service discovery requires AWS API keys or role ARN for authentication. +BasicAuth, Authorization and OAuth2 fields are not present on purpose.

@@ -19993,7 +21407,7 @@ string @@ -20038,37 +21452,37 @@ string @@ -20077,80 +21491,178 @@ instead be specified in the relabeling rule.

Filters can be used optionally to filter the instance list by other criteria. Available filter criteria can be found here: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html -Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html

+Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html +It requires Prometheus >= v2.3.0

- -
(Optional) -

The AWS region

+

The AWS region.

-refreshInterval
+port
- -Duration - +int32
(Optional) -

RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.

+

The port to scrape metrics from. If using the public IP address, this must +instead be specified in the relabeling rule.

-port
+refreshInterval
-int + +Duration +
(Optional) -

The port to scrape metrics from. If using the public IP address, this must -instead be specified in the relabeling rule.

+

RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.

filters
- -[]EC2Filter + +Filters
-

EmailConfig -

-

-(Appears on:Receiver) -

-
-

EmailConfig configures notifications via Email.

-
- - - - - - - - + + + + + + + + + + + +
FieldDescription
-sendResolved
+proxyUrl
-bool +string
(Optional) -

Whether or not to notify about resolved alerts.

+

proxyURL defines the HTTP proxy server to use.

-to
+noProxy
string
(Optional) -

The email address to send notifications to.

+

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-from
+proxyFromEnvironment
-string +bool
(Optional) -

The sender address.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-hello
+proxyConnectHeader
-string + +map[string][]k8s.io/api/core/v1.SecretKeySelector +
(Optional) -

The hostname to identify to the SMTP server.

+

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-smarthost
+tlsConfig
-string + +SafeTLSConfig + + +
+(Optional) +

TLS configuration to connect to the AWS EC2 API. +It requires Prometheus >= v2.41.0

+
+followRedirects
+ +bool + +
+(Optional) +

Configure whether HTTP requests follow HTTP 3xx redirects. +It requires Prometheus >= v2.41.0

+
+enableHTTP2
+ +bool + +
+(Optional) +

Whether to enable HTTP2. +It requires Prometheus >= v2.41.0

+
+

EmailConfig +

+

+(Appears on:Receiver) +

+
+

EmailConfig configures notifications via Email.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + @@ -20390,7 +21901,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20402,9 +21913,8 @@ bool @@ -20420,7 +21930,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20512,6 +22022,50 @@ Duration
FieldDescription
+sendResolved
+ +bool + +
+(Optional) +

Whether or not to notify about resolved alerts.

+
+to
+ +string + +
+(Optional) +

The email address to send notifications to.

+
+from
+ +string + +
+(Optional) +

The sender address.

+
+hello
+ +string + +
+(Optional) +

The hostname to identify to the SMTP server.

+
+smarthost
+ +string
@@ -20375,7 +21887,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+

Filter +

+
+

Filter name and value pairs to limit the discovery process to a subset of available resources.

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name of the Filter.

+
+values
+ +[]string + +
+

Value to filter on.

+
+

Filters +([]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1.Filter alias)

+

+(Appears on:DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig) +

+
+

GCESDConfig

@@ -20717,6 +22271,63 @@ string (Optional)

Optional proxy URL.

+

If defined, this field takes precedence over proxyUrl.

+ + + + +proxyUrl
+ +string + + + +(Optional) +

proxyURL defines the HTTP proxy server to use.

+ + + + +noProxy
+ +string + + + +(Optional) +

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + +proxyFromEnvironment
+ +bool + + + +(Optional) +

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + +proxyConnectHeader
+ + +map[string][]k8s.io/api/core/v1.SecretKeySelector + + + + +(Optional) +

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20788,7 +22399,8 @@ BasicAuth (Optional)

BasicAuth information to authenticate against the target HTTP endpoint. -More info: https://prometheus.io/docs/operating/configuration/#endpoints

+More info: https://prometheus.io/docs/operating/configuration/#endpoints +Cannot be set at the same time as authorization, or oAuth2.

@@ -20802,21 +22414,23 @@ SafeAuthorization (Optional) -

Authorization header configuration to authenticate against the target HTTP endpoint.

+

Authorization header configuration to authenticate against the target HTTP endpoint. +Cannot be set at the same time as oAuth2, or basicAuth.

-tlsConfig
+oauth2
- -SafeTLSConfig + +OAuth2 (Optional) -

TLS configuration applying to the target HTTP endpoint.

+

Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. +Cannot be set at the same time as authorization, or basicAuth.

@@ -20829,7 +22443,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -20844,7 +22457,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20856,9 +22469,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20874,7 +22486,45 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + +tlsConfig
+ + +SafeTLSConfig + + + + +(Optional) +

TLS configuration applying to the target HTTP endpoint.

+ + + + +followRedirects
+ +bool + + + +(Optional) +

Configure whether HTTP requests follow HTTP 3xx redirects.

+ + + + +enableHTTP2
+ +bool + + + +(Optional) +

Whether to enable HTTP2.

@@ -20963,7 +22613,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -20978,7 +22627,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -20990,9 +22639,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21008,7 +22656,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21138,13 +22786,14 @@ the inhibition to take effect.

-

K8SSelectorConfig +

IonosSDConfig

-(Appears on:KubernetesSDConfig) +(Appears on:ScrapeConfigSpec)

-

K8SSelectorConfig is Kubernetes Selector Config

+

IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. +See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config

@@ -21156,25 +22805,192 @@ the inhibition to take effect.

+(Optional) +

Port to scrape the metrics from.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
-role
+datacenterID
- -Role - +string
+

The unique ID of the IONOS data center.

-label
+port
-string +int32
-
+refreshInterval
+ + +Duration + + +
+(Optional) +

Refresh interval to re-read the list of resources.

+
+authorization
+ + +SafeAuthorization + + +
+

Authorization` header configuration, required when using IONOS.

+
+proxyUrl
+ +string + +
+(Optional) +

proxyURL defines the HTTP proxy server to use.

+
+noProxy
+ +string + +
+(Optional) +

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyFromEnvironment
+ +bool + +
+(Optional) +

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyConnectHeader
+ + +map[string][]k8s.io/api/core/v1.SecretKeySelector + + +
+(Optional) +

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+tlsConfig
+ + +SafeTLSConfig + + +
+(Optional) +

TLS configuration to use when connecting to the IONOS API.

+
+followRedirects
+ +bool + +
+(Optional) +

Configure whether the HTTP requests should follow HTTP 3xx redirects.

+
+enableHTTP2
+ +bool + +
+(Optional) +

Configure whether to enable HTTP2.

+
+

K8SSelectorConfig +

+

+(Appears on:KubernetesSDConfig) +

+
+

K8SSelectorConfig is Kubernetes Selector Config

+
+ + + + + + + + + + + + + + + @@ -21228,6 +23047,34 @@ string
FieldDescription
+role
+ + +KubernetesRole + + +
+

Role specifies the type of Kubernetes resource to limit the service discovery to. +Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress.

+
+label
+ +string + +
+(Optional) +

An optional label selector to limit the service discovery to resources with specific labels and label values. +e.g: node.kubernetes.io/instance-type=master

+
@@ -21184,6 +23000,9 @@ string +(Optional) +

An optional field selector to limit the service discovery to resources which have fields with specific values. +e.g: metadata.name=foobar

+

KubernetesRole +(string alias)

+

+(Appears on:K8SSelectorConfig, KubernetesSDConfig) +

+
+
+ + + + + + + + + + + + + + + + + + + + +
ValueDescription

"Endpoints"

"EndpointSlice"

"Ingress"

"Node"

"Pod"

"Service"

KubernetesSDConfig

@@ -21265,13 +23112,59 @@ CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceac role
- -Role + +KubernetesRole + + + + +

Role of the Kubernetes entities that should be discovered. +Role Endpointslice requires Prometheus >= v2.21.0

+ + + + +namespaces
+ + +NamespaceDiscovery + + + + +(Optional) +

Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.

+ + + + +attachMetadata
+ + +AttachMetadata + + + + +(Optional) +

Optional metadata to attach to discovered targets. +It requires Prometheus >= v2.35.0 when using the Pod role and +Prometheus >= v2.37.0 for Endpoints and Endpointslice roles.

+ + + + +selectors
+ + +[]K8SSelectorConfig -

Role of the Kubernetes entities that should be discovered.

+(Optional) +

Selector to select objects. +It requires Prometheus >= v2.17.0

@@ -21329,7 +23222,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -21344,7 +23236,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21356,9 +23248,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21374,7 +23265,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21412,88 +23303,44 @@ SafeTLSConfig (Optional) -

TLS configuration to use on every scrape request.

+

TLS configuration to connect to the Kubernetes API.

+ + +

KumaSDConfig +

+

+(Appears on:ScrapeConfigSpec) +

+
+

KumaSDConfig allow retrieving scrape targets from Kuma’s control plane. +See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config

+
+ + + + + + + + - - - - - - - -
FieldDescription
-namespaces
+server
- -NamespaceDiscovery - +string
-(Optional) -

Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.

+

Address of the Kuma Control Plane’s MADS xDS server.

-attachMetadata
+clientID
- -AttachMetadata - - -
-(Optional) -

Optional metadata to attach to discovered targets. -It requires Prometheus >= v2.35.0 for pod role and -Prometheus >= v2.37.0 for endpoints and endpointslice roles.

-
-selectors
- - -[]K8SSelectorConfig - - -
-(Optional) -

Selector to select objects.

-
-

KumaSDConfig -

-

-(Appears on:ScrapeConfigSpec) -

-
-

KumaSDConfig allow retrieving scrape targets from Kuma’s control plane. -See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config

-
- - - - - - - - - - - - - - @@ -21554,7 +23400,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21566,9 +23412,8 @@ bool @@ -21584,7 +23429,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21833,7 +23678,6 @@ string @@ -21848,7 +23692,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -21860,9 +23704,8 @@ bool @@ -21878,7 +23721,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -22027,7 +23870,6 @@ string @@ -22042,7 +23884,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -22054,9 +23896,8 @@ bool @@ -22072,7 +23913,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -22419,7 +24260,7 @@ bool @@ -22590,7 +24431,6 @@ string @@ -22605,7 +24445,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -22617,9 +24457,8 @@ bool @@ -22635,7 +24474,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -24118,6 +25957,22 @@ For more information see +[]RemoteWriteMessageVersion + + + + + + + + + + + + + + + + + + + @@ -25029,6 +26928,38 @@ PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.

in a breaking way.

+ + + + + + + +
FieldDescription
-server
- -string - -
-

Address of the Kuma Control Plane’s MADS xDS server.

-
-clientID
- -string +string
@@ -21539,7 +23386,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

(Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

(Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

(Optional) -

Includes the namespace in which the Prometheus pod exists to the list of watched namesapces.

+

Includes the namespace in which the Prometheus pod runs to the list of watched namespaces.

(Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+(Optional) +

List of the protobuf message versions to accept when receiving the +remote writes.

+

It requires Prometheus >= v2.54.0.

+
enableFeatures
@@ -24372,6 +26227,21 @@ Kubernetes core/v1.Affinity
+otlp
+ + +OTLPConfig + + +
+(Optional) +

Settings related to the OTLP receiver feature. +It requires Prometheus >= v2.55.0.

+
securityContext
@@ -24387,6 +26257,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + +
+(Optional) +

Defines the DNS policy for the pods.

+
+dnsConfig
+ + +PodDNSConfig + + +
+(Optional) +

Defines the DNS configuration for the pods.

+
listenLocal
bool @@ -24845,7 +26743,8 @@ bool

Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/).

When hostNetwork is enabled, this will set the DNS policy to -ClusterFirstWithHostNet automatically.

+ClusterFirstWithHostNet automatically (unless .spec.DNSPolicy is set +to a different value).

+serviceDiscoveryRole
+ + +ServiceDiscoveryRole + + +
+(Optional) +

Defines the service discovery role used to discover targets from +ServiceMonitor objects and Alertmanager endpoints.

+

If set, the value should be either “Endpoints” or “EndpointSlice”. +If unset, the operator assumes the “Endpoints” role.

+
+tsdb
+ + +TSDBSpec + + +
+(Optional) +

Defines the runtime reloadable configuration of the timeseries database(TSDB). +It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.

+

PuppetDBSDConfig @@ -25165,7 +27096,6 @@ string (Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

@@ -25180,7 +27110,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -25192,9 +27122,8 @@ bool (Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -25210,7 +27139,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -25696,14 +27625,6 @@ It requires Alertmanager >= 0.26.0.

-

Role -(string alias)

-

-(Appears on:K8SSelectorConfig, KubernetesSDConfig) -

-
-

Role is role of the service in Kubernetes.

-

Route

@@ -25799,224 +27720,481 @@ Example: “4h”

-(Optional) -

List of matchers that the alert’s labels should match. For the first -level route, the operator removes any existing equality and regexp -matcher on the namespace label and adds a namespace: <object -namespace> matcher.

+(Optional) +

List of matchers that the alert’s labels should match. For the first +level route, the operator removes any existing equality and regexp +matcher on the namespace label and adds a namespace: <object +namespace> matcher.

+ + + + +continue
+ +bool + + + +(Optional) +

Boolean indicating whether an alert should continue matching subsequent +sibling nodes. It will always be overridden to true for the first-level +route by the Prometheus operator.

+ + + + +routes
+ + +[]k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + + + + +

Child routes.

+ + + + +muteTimeIntervals
+ +[]string + + + +(Optional) +

Note: this comment applies to the field definition above but appears +below otherwise it gets included in the generated manifest. +CRD schema doesn’t support self-referential types for now (see +https://github.com/kubernetes/kubernetes/issues/62872). We have to use +an alternative type to circumvent the limitation. The downside is that +the Kube API can’t validate the data beyond the fact that it is a valid +JSON representation. +MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,

+ + + + +activeTimeIntervals
+ +[]string + + + +(Optional) +

ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.

+ + + + +

SDFile +(string alias)

+

+(Appears on:FileSDConfig) +

+
+

SDFile represents a file used for service discovery

+
+

SNSConfig +

+

+(Appears on:Receiver) +

+
+

SNSConfig configures notifications via AWS SNS. +See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+sendResolved
+ +bool + +
+(Optional) +

Whether or not to notify about resolved alerts.

+
+apiURL
+ +string + +
+(Optional) +

The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. +If not specified, the SNS API URL from the SNS SDK will be used.

+
+sigv4
+ + +Sigv4 + + +
+(Optional) +

Configures AWS’s Signature Verification 4 signing process to sign requests.

+
+topicARN
+ +string + +
+(Optional) +

SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic +If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN.

+
+subject
+ +string + +
+(Optional) +

Subject line when the message is delivered to email endpoints.

+
+phoneNumber
+ +string + +
+(Optional) +

Phone number if message is delivered via SMS in E.164 format. +If you don’t specify this value, you must specify a value for the TopicARN or TargetARN.

+
+targetARN
+ +string + +
+(Optional) +

The mobile platform endpoint ARN if message is delivered via mobile notifications. +If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber.

+
+message
+ +string + +
+(Optional) +

The message content of the SNS notification.

+
+attributes
+ +map[string]string + +
+(Optional) +

SNS message attributes.

+
+httpConfig
+ + +HTTPConfig + + +
+(Optional) +

HTTP client configuration.

+
+

ScalewayRole +(string alias)

+

+(Appears on:ScalewaySDConfig) +

+
+

Role of the targets to retrieve. Must be Instance or Baremetal.

+
+ + + + + + + + + + + + +
ValueDescription

"Baremetal"

"Instance"

+

ScalewaySDConfig +

+

+(Appears on:ScrapeConfigSpec) +

+
+

ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. +See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config +TODO: Need to document that we will not be supporting the _file fields.

+
+ + + + + + + + + + + + + + + - -
FieldDescription
+accessKey
+ +string + +
+

Access key to use. https://console.scaleway.com/project/credentials

+
+secretKey
+ + +Kubernetes core/v1.SecretKeySelector + + +
+

Secret key to use when listing targets.

-continue
+projectID
-bool +string
-(Optional) -

Boolean indicating whether an alert should continue matching subsequent -sibling nodes. It will always be overridden to true for the first-level -route by the Prometheus operator.

+

Project ID of the targets.

-routes
+role
- -[]k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON + +ScalewayRole
-

Child routes.

+

Service of the targets to retrieve. Must be Instance or Baremetal.

-muteTimeIntervals
+port
-[]string +int32
(Optional) -

Note: this comment applies to the field definition above but appears -below otherwise it gets included in the generated manifest. -CRD schema doesn’t support self-referential types for now (see -https://github.com/kubernetes/kubernetes/issues/62872). We have to use -an alternative type to circumvent the limitation. The downside is that -the Kube API can’t validate the data beyond the fact that it is a valid -JSON representation. -MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,

+

The port to scrape metrics from.

-activeTimeIntervals
+apiURL
-[]string +string
(Optional) -

ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.

+

API URL to use when doing the server listing requests.

-

SDFile -(string alias)

-

-(Appears on:FileSDConfig) -

-
-

SDFile represents a file used for service discovery

-
-

SNSConfig -

-

-(Appears on:Receiver) -

-
-

SNSConfig configures notifications via AWS SNS. -See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs

-
- - - - + + - - @@ -26278,7 +28456,7 @@ operator to prevent duplicate job names, which Prometheus does not allow. Instea + + + + + + + + + + + + + + + + + + + + + + + + @@ -26656,7 +28916,7 @@ string

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -26668,9 +28928,8 @@ bool @@ -26686,7 +28945,7 @@ map[string][]k8s.io/api/core/v1.SecretKeySelector (Optional)

ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

-

It requires Prometheus >= v2.43.0.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -27222,7 +29481,6 @@ See labels
-map[github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.LabelName]string +map[string]string
FieldDescription +zone
+ +string + +
+(Optional) +

Zone is the availability zone of your targets (e.g. fr-par-1).

+
-sendResolved
+nameFilter
-bool +string
(Optional) -

Whether or not to notify about resolved alerts.

+

NameFilter specify a name filter (works as a LIKE) to apply on the server listing request.

-apiURL
+tagsFilter
-string +[]string
(Optional) -

The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. -If not specified, the SNS API URL from the SNS SDK will be used.

+

TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.

-sigv4
+refreshInterval
- -Sigv4 + +Duration
(Optional) -

Configures AWS’s Signature Verification 4 signing process to sign requests.

+

Refresh interval to re-read the list of instances.

-topicARN
+proxyUrl
string
(Optional) -

SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic -If you don’t specify this value, you must specify a value for the PhoneNumber or TargetARN.

+

proxyURL defines the HTTP proxy server to use.

-subject
+noProxy
string
(Optional) -

Subject line when the message is delivered to email endpoints.

+

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-phoneNumber
+proxyFromEnvironment
-string +bool
(Optional) -

Phone number if message is delivered via SMS in E.164 format. -If you don’t specify this value, you must specify a value for the TopicARN or TargetARN.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-targetARN
+proxyConnectHeader
-string + +map[string][]k8s.io/api/core/v1.SecretKeySelector +
(Optional) -

The mobile platform endpoint ARN if message is delivered via mobile notifications. -If you don’t specify this value, you must specify a value for the topic_arn or PhoneNumber.

+

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

-message
+followRedirects
-string +bool
(Optional) -

The message content of the SNS notification.

+

Configure whether HTTP requests follow HTTP 3xx redirects.

-attributes
+enableHTTP2
-map[string]string +bool
(Optional) -

SNS message attributes.

+

Whether to enable HTTP2.

-httpConfig
+tlsConfig
- -HTTPConfig + +SafeTLSConfig
(Optional) -

HTTP client configuration.

+

TLS configuration to use on every scrape request

-NomadSDConfigs
+nomadSDConfigs
[]NomadSDConfig @@ -26348,6 +28526,34 @@ operator to prevent duplicate job names, which Prometheus does not allow. Instea
+scalewaySDConfigs
+ + +[]ScalewaySDConfig + + +
+(Optional) +

ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations.

+
+ionosSDConfigs
+ + +[]IonosSDConfig + + +
+(Optional) +

IonosSDConfigs defines a list of IONOS service discovery configurations.

+
relabelings
@@ -26528,6 +28734,20 @@ SafeAuthorization
+oauth2
+ + +OAuth2 + + +
+(Optional) +

OAuth2 configuration to use on every scrape request.

+
tlsConfig
@@ -26605,6 +28825,47 @@ Only valid in Prometheus versions 2.27.0 and newer.

+scrapeClassicHistograms
+ +bool + +
+(Optional) +

Whether to scrape a classic histogram that is also exposed as a native histogram. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramBucketLimit
+ +uint64 + +
+(Optional) +

If there are more than this many buckets in a native histogram, +buckets will be merged to stay within the limit. +It requires Prometheus >= v2.45.0.

+
+nativeHistogramMinBucketFactor
+ +k8s.io/apimachinery/pkg/api/resource.Quantity + +
+(Optional) +

If the growth factor of one bucket to the next is smaller than this, +buckets will be merged to increase the factor sufficiently. +It requires Prometheus >= v2.50.0.

+
keepDroppedTargets
uint64 @@ -26641,7 +28902,6 @@ string
(Optional)

proxyURL defines the HTTP proxy server to use.

-

It requires Prometheus >= v2.43.0.

(Optional) -

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). -If unset, Prometheus uses its default value.

-

It requires Prometheus >= v2.43.0.

+

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

@@ -27246,7 +29504,8 @@ map[github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.La (Appears on:StaticConfig)

-

Target represents a target for Prometheus to scrape

+

Target represents a target for Prometheus to scrape +kubebuilder:validation:MinLength:=1

TelegramConfig

@@ -28056,8 +30315,8 @@ Resource Types:

AlertmanagerConfig

-

AlertmanagerConfig configures the Prometheus Alertmanager, -specifying how alerts should be grouped, inhibited and notified to external systems.

+

The AlertmanagerConfig custom resource definition (CRD) defines how Alertmanager objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.

+

Alertmanager objects select AlertmanagerConfig objects using label and namespace selectors.

@@ -28677,6 +30936,63 @@ string + + + + + + + + + + + + + + + + diff --git a/Documentation/compatibility.md b/Documentation/compatibility.md index b69e8d2ff1a..2f494b901db 100644 --- a/Documentation/compatibility.md +++ b/Documentation/compatibility.md @@ -1,10 +1,10 @@ --- -weight: 202 +weight: 103 toc: true title: Compatibility menu: docs: - parent: operator + parent: prologue lead: The Prometheus Operator supports a number of Kubernetes and Prometheus releases. images: [] draft: false @@ -22,7 +22,7 @@ The Prometheus Operator uses the official [Go client](https://github.com/kuberne The current version of the Prometheus operator uses the following Go client version: ```$ mdox-exec="go list -m -f '{{ .Version }}' k8s.io/client-go" -v0.30.2 +v0.31.2 ``` ## Prometheus @@ -71,13 +71,20 @@ Prometheus Operator supports all Prometheus versions >= v2.0.0. The operator's e * v2.51.1 * v2.51.2 * v2.52.0 +* v2.52.1 * v2.53.0 +* v2.53.1 +* v2.54.0 +* v2.54.1 +* v2.55.0 +* v3.0.0-beta.0 +* v3.0.0-beta.1 ``` The end-to-end tests are mostly tested against ```$ mdox-exec="go run ./cmd/po-docgen/. compatibility defaultPrometheusVersion" -* v2.53.0 +* v2.55.0 ``` ## Alertmanager @@ -97,5 +104,5 @@ The Prometheus Operator is compatible with Thanos v0.10 and above. The end-to-end tests are mostly tested against ```$ mdox-exec="go run ./cmd/po-docgen/. compatibility defaultThanosVersion" -* v0.35.1 +* v0.36.1 ``` diff --git a/Documentation/design.md b/Documentation/design.md index 253da64aa19..a4a7f27aaf4 100644 --- a/Documentation/design.md +++ b/Documentation/design.md @@ -1,10 +1,10 @@ --- -weight: 201 +weight: 104 toc: true title: Design menu: docs: - parent: operator + parent: prologue images: [] draft: false description: This document describes the design and interaction between the custom resource definitions that the Prometheus Operator manages. @@ -17,140 +17,70 @@ The custom resources managed by the Prometheus Operator are: * [Prometheus](#prometheus) * [Alertmanager](#alertmanager) * [ThanosRuler](#thanosruler) +* [PrometheusAgent](#prometheus-agent) * [ServiceMonitor](#servicemonitor) * [PodMonitor](#podmonitor) * [Probe](#probe) -* [PrometheusRule](#prometheusrule) +* [ScrapeConfig](#scrapeconfig) * [AlertmanagerConfig](#alertmanagerconfig) -* [PrometheusAgent](#prometheusagent) - -## Prometheus - -The `Prometheus` custom resource definition (CRD) declaratively defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It provides options to configure the number of replicas, persistent storage, and Alertmanagers to which the deployed Prometheus instances send alerts to. - -For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace (the number of statefulsets is equal to the number of shards but by default it is 1). - -The CRD defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor` and `Probe` objects should be associated to the deployed Prometheus instances. The CRD also defines which `PrometheusRules` objects should be reconciled. The operator continuously reconciles the custom resources and generates one or several `Secret` objects holding the Prometheus configuration. A `config-reloader` container running as a sidecar in the Prometheus pod detects any change to the configuration and reloads Prometheus if needed. - -## Alertmanager - -The `Alertmanager` custom resource definition (CRD) declaratively defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It provides options to configure the number of replicas and persistent storage. - -For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. The Alertmanager pods are configured to mount a `Secret` called `alertmanager-` which holds the Alertmanager configuration under the key `alertmanager.yaml`. - -When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. - -## ThanosRuler - -The `ThanosRuler` custom resource definition (CRD) declaratively defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. With Thanos Ruler recording and alerting rules can be processed across multiple Prometheus instances. - -A `ThanosRuler` instance requires at least one query endpoint which points to the location of Thanos Queriers or Prometheus instances. - -Further information can also be found in the [Thanos section]({{< ref "thanos.md" >}}). +* [PrometheusRule](#prometheusrule) -## ServiceMonitor +For a better understanding of all these custom resources, let us classify them into two major groups: -The `ServiceMonitor` custom resource definition (CRD) allows to declaratively define how a dynamic set of services should be monitored. Which services are selected to be monitored with the desired configuration is defined using label selections. This allows an organization to introduce conventions around how metrics are exposed, and then following these conventions new services are automatically discovered, without the need to reconfigure the system. +### Instance-Based Resources -For Prometheus to monitor any application within Kubernetes an `Endpoints` object needs to exist. `Endpoints` objects are essentially lists of IP addresses. Typically an `Endpoints` object is populated by a `Service` object. A `Service` object discovers `Pod`s by a label selector and adds those to the `Endpoints` object. +![Instances based resources](img/instance-based-resources.png) -A `Service` may expose one or more service ports, which are backed by a list of multiple endpoints that point to a `Pod` in the common case. This is reflected in the respective `Endpoints` object as well. +Instance-based resources are used to manage the deployment and lifecycle of different components in the Prometheus ecosystem, as shown in the above figure. Let us look into the features of each of these custom resources: -The `ServiceMonitor` object introduced by the Prometheus Operator in turn discovers those `Endpoints` objects and configures Prometheus to monitor those `Pod`s. +#### Prometheus -The `endpoints` section of the `ServiceMonitorSpec`, is used to configure which ports of these `Endpoints` are going to be scraped for metrics, and with which parameters. For advanced use cases one may want to monitor ports of backing `Pod`s, which are not directly part of the service endpoints. Therefore when specifying an endpoint in the `endpoints` section, they are strictly used. +The `Prometheus` CRD sets up a [Prometheus](https://prometheus.io/docs/prometheus) instance in a Kubernetes cluster. It allows configuration of replicas, persistent storage, and Alertmanagers for sending alerts. For each Prometheus resource, the Operator deploys `StatefulSet` objects (one per shard, default is 1) in the same namespace. -> Note: `endpoints` (lowercase) is the field in the `ServiceMonitor` CRD, while `Endpoints` (capitalized) is the Kubernetes object kind. +#### Alertmanager -Both `ServiceMonitors` as well as discovered targets may come from any namespace. This is important to allow cross-namespace monitoring use cases, e.g. for meta-monitoring. Using the `ServiceMonitorNamespaceSelector` of the `PrometheusSpec`, one can restrict the namespaces `ServiceMonitor`s are selected from by the respective Prometheus server. Using the `namespaceSelector` of the `ServiceMonitorSpec`, one can restrict the namespaces the `Endpoints` objects are allowed to be discovered from. +The `Alertmanager` CRD sets up a [Alertmanager](https://prometheus.io/docs/alerting) instance in a Kubernetes cluster. It provides options to configure the number of replicas and persistent storage. For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. For multiple replicas, the operator runs the Alertmanager instances in high availability mode. -One can discover targets in all namespaces like this: +#### ThanosRuler -```yaml -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: example-app -spec: - selector: - matchLabels: - app: example-app - endpoints: - - port: web - namespaceSelector: - any: true -``` +The `ThanosRuler` CRD sets up a [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) instance in a Kubernetes cluster. It enables the processing of recording and alerting rules across multiple Prometheus instances. A `ThanosRuler` instance needs at least one `query endpoint` that connects to Thanos Queriers or Prometheus instances. More details can be found in the [Thanos section]({{}}). -## PodMonitor +#### Prometheus Agent -The `PodMonitor` custom resource definition (CRD) allows to declaratively define how a dynamic set of pods should be monitored. -Which pods are selected to be monitored with the desired configuration is defined using label selections. -This allows an organization to introduce conventions around how metrics are exposed, and then following these conventions new pods are automatically discovered, without the need to reconfigure the system. +The `Prometheus Agent` CRD sets up a [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) instance in a Kubernetes cluster. While similar to the `Prometheus` CR, the `Prometheus Agent` has several configuration options redacted, including alerting, PrometheusRules selectors, remote-read, storage, and Thanos sidecars. To understand why Agent support was introduced, read the [proposal here](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202201-prometheus-agent.md). -A `Pod` is a collection of one or more containers which can expose Prometheus metrics on a number of ports. +### Config-Based Resources -The `PodMonitor` object introduced by the Prometheus Operator discovers these pods and generates the relevant configuration for the Prometheus server in order to monitor them. +Config-based resources focus on managing the monitoring of resources and scraping metrics within a Kubernetes cluster. They define how metrics are collected, processed, and managed, rather than managing the deployment of the monitoring components themselves. For a clear picture, let us look at the relation of config-based resources with instance based resources. -The `PodMetricsEndpoints` section of the `PodMonitorSpec`, is used to configure which ports of a pod are going to be scraped for metrics, and with which parameters. +![Config based resources](img/config-based-resources.png) -Both `PodMonitors` as well as discovered targets may come from any namespace. This is important to allow cross-namespace monitoring use cases, e.g. for meta-monitoring. -Using the `namespaceSelector` of the `PodMonitorSpec`, one can restrict the namespaces the `Pods` are allowed to be discovered from. +The `Prometheus` and `PrometheusAgent` CRDs use the `podMonitorSelector`, `serviceMonitorSelector`, `probeSelector`, and `scrapeConfigSelector` fields to determine which `ServiceMonitor`, `PodMonitor`, `Probe`, and `ScrapeConfig` configurations should be included in the `Prometheus` and `PrometheusAgent` instances for scraping. -Once can discover targets in all namespaces like this: +#### ServiceMonitor -```yaml -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: example-app -spec: - selector: - matchLabels: - app: example-app - podMetricsEndpoints: - - port: web - namespaceSelector: - any: true -``` +The `ServiceMonitor` CRD defines how a dynamic set of services should be monitored. A `Service` object discovers pods by a label selector and adds those to the `EndpointSlice` or `Endpoints` object. The `ServiceMonitor` object discovers those `EndpointSlice` or `Endpoints` objects and configures Prometheus to monitor those pods. The services selected to be monitored with the desired configuration are defined using label selections. -## Probe +#### PodMonitor -The `Probe` custom resource definition (CRD) allows to declarative define how groups of ingresses and static targets should be monitored. Besides the target, the `Probe` object requires a `prober` which is the service that monitors the target and provides metrics for Prometheus to scrape. Typically, this is achieved using the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). +The `PodMonitor` CRD defines how a dynamic set of pods should be monitored. The `PodMonitor` object discovers these pods and generates the relevant configuration for the Prometheus server to monitor them. The pods selected to be monitored with the desired configuration is defined using label selections. -## PrometheusRule +#### Probe -The `PrometheusRule` custom resource definition (CRD) declaratively defines desired Prometheus rules to be consumed by Prometheus or Thanos Ruler instances. +The `Probe` CRD defines how groups of ingresses and static targets should be monitored. Besides the target, the `Probe` object requires a `prober` which is the service that monitors the target and provides metrics for Prometheus to scrape. Typically, this is achieved using the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). -Alerts and recording rules are reconciled by the Operator and dynamically loaded without requiring any restart of Prometheus/Thanos Ruler. +#### ScrapeConfig -## AlertmanagerConfig +The `ScrapeConfig` CRD allows you to define how Prometheus should discover and scrape metrics from target services. You can use the `ScrapeConfig` CRD to scrape targets external to the Kubernetes cluster or to create scrape configurations that are not possible with the higher-level `ServiceMonitor`, `Probe`, or `PodMonitor` resources. Both the `Prometheus` and `PrometheusAgent` CRDs have a `scrapeConfigSelector` field, which needs to be set to a list of labels to match ScrapeConfigs. -The `AlertmanagerConfig` custom resource definition (CRD) declaratively specifies subsections of the Alertmanager configuration, allowing routing of alerts to custom receivers, and setting inhibition rules. The `AlertmanagerConfig` can be defined on a namespace level providing an aggregated configuration to Alertmanager. An example on how to use it is provided below. Please be aware that this CRD is not stable yet. +#### AlertmanagerConfig -```yaml mdox-exec="cat example/user-guides/alerting/alertmanager-config-example.yaml" -apiVersion: monitoring.coreos.com/v1alpha1 -kind: AlertmanagerConfig -metadata: - name: config-example - labels: - alertmanagerConfig: example -spec: - route: - groupBy: ['job'] - groupWait: 30s - groupInterval: 5m - repeatInterval: 12h - receiver: 'webhook' - receivers: - - name: 'webhook' - webhookConfigs: - - url: 'http://example.com/' -``` +![AlertmanagerConfig](img/alertmanager-config.png) -## PrometheusAgent +The `AlertmanagerConfig` CRD allows us to configure `Alertmanager` instances in a Kubernetes cluster. It specifies subsections of the Alertmanager configuration, enabling the routing of alerts to custom receivers and the setting of inhibition rules. -The `PrometheusAgent` custom resource definition (CRD) declaratively defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. +#### PrometheusRule -Similar to the binaries of Prometheus Server and Prometheus Agent, the `Prometheus` and `PrometheusAgent` CRs are also similar. Inspired in the Agent binary, the Agent CR has several configuration options redacted when compared with regular Prometheus CR, e.g. alerting, PrometheusRules selectors, remote-read, storage and thanos sidecars. +![Prometheus Rule](img/prometheus-rule.png) -A more extensive read explaining why Agent support was done with a whole new CRD can be seen [here](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md). +The `PrometheusRule` CRD allows the definition of alerting and recording rules to be consumed by Prometheus or Thanos Ruler instances. Alerts and recording rules are reconciled by the Operator and dynamically loaded without requiring a restart of Prometheus or Thanos Ruler. diff --git a/Documentation/high-availability.md b/Documentation/high-availability.md index c82d5b2c580..999f35da30a 100644 --- a/Documentation/high-availability.md +++ b/Documentation/high-availability.md @@ -1,5 +1,5 @@ --- -weight: 203 +weight: 207 toc: true title: High Availability menu: diff --git a/Documentation/img/alertmanager-config.png b/Documentation/img/alertmanager-config.png new file mode 100644 index 00000000000..c748dcbed54 Binary files /dev/null and b/Documentation/img/alertmanager-config.png differ diff --git a/Documentation/img/config-based-resources.png b/Documentation/img/config-based-resources.png new file mode 100644 index 00000000000..a0be1e6362e Binary files /dev/null and b/Documentation/img/config-based-resources.png differ diff --git a/Documentation/img/instance-based-resources.png b/Documentation/img/instance-based-resources.png new file mode 100644 index 00000000000..dadfc10eb08 Binary files /dev/null and b/Documentation/img/instance-based-resources.png differ diff --git a/Documentation/img/prometheus-rule.png b/Documentation/img/prometheus-rule.png new file mode 100644 index 00000000000..77708e7017b Binary files /dev/null and b/Documentation/img/prometheus-rule.png differ diff --git a/Documentation/img/service-and-podMonitor.svg b/Documentation/img/service-and-podMonitor.svg new file mode 100644 index 00000000000..f14b8727856 --- /dev/null +++ b/Documentation/img/service-and-podMonitor.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Documentation/installation.md b/Documentation/installation.md new file mode 100644 index 00000000000..dfe0c0affe6 --- /dev/null +++ b/Documentation/installation.md @@ -0,0 +1,110 @@ +--- +weight: 102 +toc: true +title: Installing Prometheus Operator +menu: + docs: + parent: getting-started +images: [] +draft: false +description: Installation guide listing all the installation methods of Prometheus Operator. +date: "2020-11-16T13:59:39+01:00" +--- + +There are different approaches to install Prometheus Operator in your Kubernetes cluster: + +- [Install using YAML files](#install-using-yaml-files) +- [Install using Kube-Prometheus](#install-using-kube-prometheus) +- [Install using Helm Chart](#install-using-helm-chart) + +### Pre-requisites + +For all the approaches listed on this page, you require access to a **Kubernetes cluster!** For this, you can check the official docs of Kubernetes available [here](https://kubernetes.io/docs/tasks/tools/). + +Version `>=0.39.0` of the Prometheus Operator requires a Kubernetes cluster of version `>=1.16.0`. If you are just starting out with the Prometheus Operator, it is **highly recommended** to use the latest version. If you have an older version of Kubernetes and the Prometheus Operator running, we recommend upgrading Kubernetes first and then the Prometheus Operator. + +> Check the appropriate versions of each of the components in the [Compatibility]({{}}) page. + +### Install using YAML files + +The first step is to install the operator's Custom Resource Definitions (CRDs) as well as the operator itself with the required RBAC resources. + +Run the following commands to install the CRDs and deploy the operator in the `default` namespace: + +```bash +LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name) +curl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/${LATEST}/bundle.yaml | kubectl create -f - +``` + +The [Kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) tool is required to install the operator into a namespace different than the `default` namespace: + +```bash +NAMESPACE=my_namespace +TMPDIR=$(mktemp -d) +LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name) +curl -s "https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/refs/tags/$LATEST/kustomization.yaml" > "$TMPDIR/kustomization.yaml" +curl -s "https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/refs/tags/$LATEST/bundle.yaml" > "$TMPDIR/bundle.yaml" +(cd $TMPDIR && kustomize edit set namespace $NAMESPACE) && kubectl create -k "$TMPDIR" +``` + +It can take a few minutes for the operator to be up and running. You can check for completion with the following command: + +```bash +kubectl wait --for=condition=Ready pods -l app.kubernetes.io/name=prometheus-operator +``` + +### Install using Kube-Prometheus + +The easiest way of starting with the Prometheus Operator is by deploying it as part of kube-prometheus. kube-prometheus deploys the Prometheus Operator and already schedules a Prometheus called `prometheus-k8s` with alerts and rules by default. + +We are going to deploy a compiled version of the Kubernetes [manifests](https://github.com/prometheus-operator/kube-prometheus/tree/main/manifests). + +You can either clone the kube-prometheus from GitHub: + +```shell +git clone https://github.com/prometheus-operator/kube-prometheus.git +``` + +or download the current main branch as zip file and extract its contents: + +[github.com/prometheus-operator/kube-prometheus/archive/main.zip](https://github.com/prometheus-operator/kube-prometheus/archive/main.zip) + +Once you have the files on your machine change into the project's root directory and run the following commands: + +```shell +# Create the namespace and CRDs, and then wait for them to be available before creating the remaining resources +kubectl create -f manifests/setup + +# Wait until the "servicemonitors" CRD is created. The message "No resources found" means success in this context. +until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done + +kubectl create -f manifests/ +``` + +We create the namespace and CustomResourceDefinitions first to avoid race conditions when deploying the monitoring components. Alternatively, the resources in both folders can be applied with a single command: + +``` +kubectl create -f manifests/setup -f manifests +``` + +But it may be necessary to run the command multiple times for all components to be created successfully. + +> Note: For versions before Kubernetes v1.20.z refer to the [Kubernetes compatibility matrix](https://github.com/prometheus-operator/kube-prometheus#kubernetes-compatibility-matrix) in order to choose a compatible branch. + +> Note: If you used Kube-Prometheus as the installation method, we would recommend you to follow this [page](http://prometheus-operator.dev/kube-prometheus/kube/access-ui/) to learn how to access the resources provided. + +### Remove Kube-Prometheus + +If you're done experimenting with kube-prometheus and the Prometheus Operator you can simply teardown the deployment by running: + +```shell +kubectl delete --ignore-not-found=true -f manifests/ -f manifests/setup +``` + +### Install Using Helm Chart + +Install the [Kube-Prometheus-Stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) helm chart which provides a collection of Kubernetes manifests, [Grafana](https://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the Prometheus Operator. + +To see more details, please check the [chart's README](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#kube-prometheus-stack). + +> This Helm chart is no longer part of Prometheus-Operator and is now maintained by [Prometheus Community Helm Charts](https://github.com/prometheus-community/helm-charts). diff --git a/Documentation/introduction.md b/Documentation/introduction.md new file mode 100644 index 00000000000..dc5a09dc621 --- /dev/null +++ b/Documentation/introduction.md @@ -0,0 +1,80 @@ +--- +weight: 101 +toc: true +title: Introduction +menu: + docs: + parent: getting-started +lead: "" +lastmod: "2020-10-06T08:48:57+00:00" +images: [] +draft: false +description: The Prometheus Operator provides Kubernetes native deployment and management of Prometheus and related monitoring components +date: "2020-10-06T08:48:57+00:00" +--- + +Prometheus Operator is a [Kubernetes Operator](https://github.com/cncf/tag-app-delivery/blob/main/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md#foundation) that provides Kubernetes native deployment and management of [Prometheus](https://prometheus.io/) and related monitoring components. + +The Prometheus operator includes, but is not limited to, the following features: + +- **Kubernetes Custom Resources**: Use Kubernetes custom resources to deploy and manage Prometheus, Alertmanager, and related components. + +- **Simplified Deployment Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. + +- **Prometheus Target Configuration**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. + +Prometheus Operator provides a set of Custom Resource Definitions(CRDs) that allows you to configure your Prometheus and related instances. Currently, the CRDs provided by Prometheus Operator are: + +- Prometheus +- Alertmanager +- ThanosRuler +- ServiceMonitor +- PodMonitor +- Probe +- PrometheusRule +- AlertmanagerConfig +- PrometheusAgent +- ScrapeConfig + +> Check the [Design]({{}}) page for an overview of all the resources provided by Prometheus Operator. + +### Goals + +- To significantly reduce the effort required to configure, implement and manage all components of Prometheus based monitoring stack. + +- **Automation** - Automate the management of Prometheus monitoring targets, ultimately increasing efficiency. This automation is performed by the use of Kubernetes [Custom Resource Definition](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/). The Operator introduces custom resources like `Prometheus`, `Alertmanager`, `ThanosRuler`, and others, which help automate the deployment and configuration of these resources. + +- **Configuration Abstraction and Validation** - Instead of learning and manually writing Prometheus Relabeling rules (which can be time consuming), you can simply use Kubernetes [Label Selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors). `ServiceMonitor`, `PodMonitor` and `Probe` custom resources provide this abstraction. The Operator also removes the complexity of validating the configuration of `AlertmanagerConfig` and `PrometheusRule` objects. + +- **Scaling** - There are many scaling-related features provided by the Operator like [ThanosRuler](https://prometheus-operator.dev/docs/platform/thanos/#thanos-ruler) custom resource for rule evaluation, workload distribution across multiple Prometheus instances using scrape target sharding, and running [Thanos sidecar](https://thanos.io/v0.4/components/sidecar/) in Prometheus instance for long-term storage. + +### Next Steps + +By now, you have the basic idea about Prometheus Operator!! + +Take a look at these guides to get into action with Prometheus Operator. + + + +{{< +link-card title="Getting-Started" href="https://prometheus-operator.dev/docs/getting-started/introduction/" description="Get started with Prometheus-Operator.">}} + + + +{{< +link-card title="API Reference" href="https://prometheus-operator.dev/docs/api-reference/api/" description="Reference for different fields of Custom Resources in Prometheus-Operator.">}} + + + +{{< +link-card title="Platform Guide" href="https://prometheus-operator.dev/docs/platform/webhook/" description="Set up, configure and manage instances of Prometheus-Operator, Prometheus, Alertmanager and ThanosRuler resources.">}} + + + +{{< +link-card title="Developer Guide" href="https://prometheus-operator.dev/docs/developer/getting-started/" description="Learn how to configure scraping, alerting, and recording rules for your applications.">}} + + + +{{< +link-card title="Community" href="https://prometheus-operator.dev/docs/community/contributing/" description="Join and interact with Prometheus-Operator community.">}} diff --git a/Documentation/operator.md b/Documentation/operator.md index 96bae3e0d0d..dd7ed387350 100644 --- a/Documentation/operator.md +++ b/Documentation/operator.md @@ -1,5 +1,5 @@ --- -weight: 212 +weight: 210 toc: false title: CLI reference menu: @@ -57,6 +57,10 @@ Usage of ./operator: PrometheusAgentDaemonSet: Enables the DaemonSet mode for PrometheusAgent (enabled: false) -key-file string - NOT RECOMMENDED FOR PRODUCTION - Path to private TLS certificate file. + -kubelet-endpoints + Create Endpoints objects for kubelet targets. (default true) + -kubelet-endpointslice + Create EndpointSlice objects for kubelet targets. -kubelet-node-address-priority value Node address priority used by kubelet. Either 'internal' or 'external'. Default: 'internal'. -kubelet-selector value @@ -74,7 +78,7 @@ Usage of ./operator: -namespaces value Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). This is mutually exclusive with --deny-namespaces. -prometheus-config-reloader string - Prometheus config reloader image (default "quay.io/prometheus-operator/prometheus-config-reloader:v0.75.2") + Prometheus config reloader image (default "quay.io/prometheus-operator/prometheus-config-reloader:v0.78.2") -prometheus-default-base-image string Prometheus default base image (path without tag/version) (default "quay.io/prometheus/prometheus") -prometheus-instance-namespaces value @@ -83,6 +87,8 @@ Usage of ./operator: Label selector to filter Prometheus and PrometheusAgent Custom Resources to watch. -secret-field-selector value Field selector to filter Secrets to watch + -secret-label-selector value + Label selector to filter Secrets to watch -short-version Print just the version number. -thanos-default-base-image string diff --git a/Documentation/platform-guide.md b/Documentation/platform-guide.md new file mode 100644 index 00000000000..c592db3171e --- /dev/null +++ b/Documentation/platform-guide.md @@ -0,0 +1,183 @@ +--- +weight: 201 +toc: true +title: Getting Started +menu: + docs: + parent: user-guides +lead: "" +images: [] +draft: false +description: Getting started page for Platform Guide +--- + +This guide assumes you have a basic understanding of the Prometheus Operator. If you are new to it, please start with the [Introduction](introduction.md) page before proceeding. This guide will walk you through deploying Prometheus and Alertmanager instances. + +## Deploying Prometheus + +To deploy a Prometheus instance, you must create the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/authorization/) rules for the Prometheus service account. + +First, create a ServiceAccount for Prometheus. + +```yaml mdox-exec="cat example/rbac/prometheus/prometheus-service-account.yaml" +apiVersion: v1 +kind: ServiceAccount +metadata: + name: prometheus +``` + +Next, create a ClusterRole that grants Prometheus the necessary permissions to discover and scrape the targets within the cluster. + +```yaml mdox-exec="cat example/rbac/prometheus/prometheus-cluster-role.yaml" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: prometheus +rules: +- apiGroups: [""] + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - configmaps + verbs: ["get"] +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: ["get", "list", "watch"] +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +``` + +Now, create a ClusterRoleBinding to bind the ClusterRole to the Prometheus ServiceAccount. + +```yaml mdox-exec="cat example/rbac/prometheus/prometheus-cluster-role-binding.yaml" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: prometheus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus +subjects: +- kind: ServiceAccount + name: prometheus + namespace: default +``` + +Apply all these manifests to create the necessary RBAC resources. Now you are all set to deploy a Prometheus instance. Here is an example of a basic Prometheus instance manifest. + +```yaml mdox-exec="cat example/user-guides/getting-started/prometheus.yaml" +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: prometheus +spec: + serviceAccountName: prometheus +``` + +To verify that the instance is up and running, run: + +```bash +kubectl get -n default prometheus prometheus -w +``` + +For more information, see the [Prometheus Operator RBAC guide]({{< ref "rbac" >}}). + +## Deploying Alertmanager + +Let us take a simple example that creates 3 replicas of Alertmanager. + +```yaml mdox-exec="cat example/user-guides/alerting/alertmanager-example.yaml" +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: example +spec: + replicas: 3 +``` + +Wait for all Alertmanager pods to be ready: + +```bash +kubectl get pods -l alertmanager=example -w +``` + +However, Alertmanager as it is now is of no use to us. To properly use Alertmanager, it is important to understand the relationship between Prometheus and Alertmanager. Alertmanager is used to: + +* Deduplicate alerts received from Prometheus. +* Silence alerts. +* Route and send grouped notifications to various integrations (PagerDuty, OpsGenie, mail, chat, …). + +So, to put Alertmanager instances to use, you would need to integrate it with Prometheus. + +## Integrating Alertmanager With Prometheus + +### Exposing the Alertmanager service + +To access the Alertmanager interface, you have to expose the service to the outside. For +simplicity, we use a `NodePort` Service. + +```yaml mdox-exec="cat example/user-guides/alerting/alertmanager-example-service.yaml" +apiVersion: v1 +kind: Service +metadata: + name: alertmanager-example +spec: + type: NodePort + ports: + - name: web + nodePort: 30903 + port: 9093 + protocol: TCP + targetPort: web + selector: + alertmanager: example +``` + +Once the Service is created, the Alertmanager web server is available under the +node's IP address on port `30903`. + +> Note: Exposing the Alertmanager web server this way may not be an applicable solution. Read more about the possible options in the [Ingress guide](user-guides/exposing-prometheus-and-alertmanager.md). + +### Configuring Alertmanager in Prometheus + +The Alertmanager cluster is now fully functional and highly available, but no +alerts are fired against it. + +First, create a Prometheus instance that will send alerts to the Alertmanger cluster: + +``` +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: example +spec: + serviceAccountName: prometheus + replicas: 2 + alerting: + alertmanagers: + - namespace: default + name: alertmanager-example + port: web +``` + +The `Prometheus` resource discovers all of the Alertmanager instances behind +the `Service` created before (pay attention to `name`, `namespace` and `port` +fields which should match with the definition of the Alertmanager Service). + +Open the Prometheus web interface, go to the "Status > Runtime & Build +Information" page and check that the Prometheus has discovered 3 Alertmanager +instances. diff --git a/Documentation/proposals/202201-prometheus-agent.md b/Documentation/proposals/202201-prometheus-agent.md new file mode 100644 index 00000000000..a88a7c4f098 --- /dev/null +++ b/Documentation/proposals/202201-prometheus-agent.md @@ -0,0 +1,182 @@ +# Prometheus Agent support + +## Summary + +The Prometheus 2.32.0 release introduces the Prometheus Agent, a mode optimized for remote-write dominant scenarios. This document proposes extending the Prometheus Operator to allow running a Prometheus Agent with different deployment strategies. + +## Background + +The Prometheus Operator in its current state does not allow a simple way of deploying the Prometheus agent. A potential workaround has been described in a [Github comment](https://github.com/prometheus-operator/prometheus-operator/issues/3989#issuecomment-974137486), where the agent can be deployed through the existing Prometheus CRD by explicitly setting command-line arguments specific to the agent mode. + +As described in the comment, one significant problem with this approach is that the Prometheus Operator always generates `alerts` and `rules` sections in the Prometheus config file. These sections are not allowed when running the agent so users need to take additional actions to pause reconciliation of the Prometheus CR, tweak the generated secret and then unpause reconciliation in order to resolve the problem. Alternatively, users can apply a strategic merge patch to the prometheus container as described in the kube-prometheus docs: [https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/prometheus-agent.md](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/prometheus-agent.md) + +While this workaround can be used as a stop-gap solution to unblock users in the short term, it has the drawback of needing additional steps which require understanding implementation details of the operator itself. In addition to this, overriding the value of the argument `--config.file` also requires knowledge of Prometheus Operator internals. + +A lot of the fields supported by the current PrometheusSpec are not applicable to the agent mode. These fields are documented in the PrometheusAgent CRD section. + +Finally, the Prometheus agent is significantly different from the Prometheus server in the way that it fits in a monitoring stack. Therefore, running it as a StatefulSet might not be the only possible deployment strategy, users might want to run it as a DaemonSet or a Deployment instead. + +## Proposal + +This document proposes introducing a PrometheusAgent CRD to allow users to run Prometheus in agent mode. Having a separate CRD allows the Prometheus and PrometheusAgent CRDs to evolve independently and expose parameters specific to each Prometheus mode. + +For example, the PrometheusAgent CRD could have a `strategy` field indicating the deployment strategy for the agent, but no `alerting` field since alerts are not supported in agent mode. Even though there will be an upfront cost for introducing a new CRD, having separate APIs would simplify long-term maintenance by allowing the use of CRD validation mechanisms provided by Kubernetes. + +In addition, dedicated APIs with mode-specific fields are self documenting since they remove the need to explicitly document which fields and field values are allowed or required for each individual mode. Users will also be able to get an easier overview of the different parameters they could set for each mode, which leads to a better user experience when using the operator. + +Finally, the advantage of using a separate CRD is the possibility of using an alpha API version, which would clearly indicate that the CRD is still under development. The Prometheus CRD, on the other hand, has already been declared as v1 and adding experimental fields to it will be challenging from both documentation and implementation aspects. + +### Prometheus Agent CRD + +The PrometheusAgent CRD would be similar to the Prometheus CRD, with the exception of removing fields which are not applicable to the prometheus agent mode. + +Here is the list of fields we want to exclude: +* `retention` +* `retentionSize` +* `disableCompaction` +* `evaluationInterval` +* `rules` +* `query` +* `ruleSelector` +* `ruleNamespaceSelector` +* `alerting` +* `remoteRead` +* `additionalAlertRelabelConfigs` +* `additionalAlertManagerConfigs` +* `thanos` +* `prometheusRulesExcludedFromEnforce` +* `queryLogFile` +* `allowOverlappingBlocks` + +The `enabledFeatures` field can be validated for agent-specific features only, which include: `expand-external-labels`, `extra-scrape-metrics` and `new-service-discovery-manager`. + +Finally, the `remoteWrite` field should be made required only for the agent since it is a mandatory configuration section in agent mode. + +### Deployment Strategies + +When using Prometheus in server mode, scraped samples are stored in memory and on disk. These samples need to be preserved during disruptions, such as pod replacements or cluster maintenance operations which cause evictions. Because of this, the Prometheus Operator currently deploys Prometheus instances as Kubernetes StatefulSets. + +On the other hand, when running Prometheus in agent mode, samples are sent to a remote write target immediately, and are not kept locally for a long time. The only use-case for storing samples locally is to allow retries when remote write targets are not available. This is achieved by keeping scraped samples in a WAL for 2h at most. Samples which have been successfully sent to remote write targets are immediately removed from local storage. + +Since the Prometheus agent has slightly different storage requirements, this proposal suggests allowing users to choose different deployment strategies. + +#### Running the agent with cluster-wide scope + +Even though the Prometheus agent has very little need for storage, there are still scenarios where sample data can be lost if persistent storage is not used. If a remote write target is unavailable and an agent pod is evicted at the same time, the samples collected during the unavailability window of the remote write target will be completely lost. + +For this reason, the cluster-wide strategy would be implemented by deploying a StatefulSet, similarly to how `Prometheus` CRs are currently reconciled. This also allows for reusing existing code from the operator and delivering a working solution faster and with fewer changes. Familiarity with how StatefulSets work, together with the possibility to reuse existing code, were the primary reasons for choosing StatefulSets for this strategy over Deployments. + +The following table documents the problems that could occur with a Deployment and StatefulSet strategy in different situations. + +
(Optional)

Optional proxy URL.

+

If defined, this field takes precedence over proxyUrl.

+
+proxyUrl
+ +string + +
+(Optional) +

proxyURL defines the HTTP proxy server to use.

+
+noProxy
+ +string + +
+(Optional) +

noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyFromEnvironment
+ +bool + +
+(Optional) +

Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+
+proxyConnectHeader
+ + +map[string][]k8s.io/api/core/v1.SecretKeySelector + + +
+(Optional) +

ProxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.

+

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Pod update + Network outage during pod update + Network outage during node drain + Cloud k8s node rotation + Non-graceful pod deletion +
Deployment with emptyDir volume + No delay in scrapes if the new pod is created before the old one is terminated + Unsent samples will be lost. +

+EmptyDir is tied to a pod and node, and data from the old pod will not be preserved. +

Unsent samples will be lost. +

+EmptyDir is tied to a pod and node, and data from the old pod will not be preserved. +

Unsent samples will be lost + Unsent samples will be lost. +

+EmptyDir is tied to a pod and node, and data from the old pod will not be preserved. +

Statefulset with a PVC + Potential delay in a subsequent scrape due to recreation of the pod + No data loss, the volume will contain all unsent data + No data loss, the volume will contain all unsent data + No data loss if a new pod scheduled to the same AZ node. May be stuck in pending state otherwise + No data loss, the volume will contain all unsent data +
Deployment or STS with replicas + No delay, mitigated by replicas + Unsent data will be lost if last replica terminated before network outage resolves + No data loss, as other replicas are running on other nodes + No data loss, as other replicas running on other nodes + No data loss as other replicas untouched +
+ +#### Running the agent with node-specific scope + +This strategy has a built-in auto-scaling mechanism since each agent will scrape only a subset of the targets. As the cluster grows and more nodes are added to it, new agent instances will automatically be scheduled to scrape pods on those nodes. Even though the load distribution will not be perfect (targets on certain nodes might produce far more metrics than targets on other nodes), it is a simple way of adding some sort of load management. + +Another advantage is that persistent storage can now be handled by mounting a host volume, a strategy commonly used by log collectors. The need for persistent storage is described in the StatefulSet strategy section. + +The Grafana Agent config exposes a `host_filter` boolean flag which, when enabled, instructs the agent to only filter targets from the same node, in addition to the scrape config already provided. With this option, the same config can be used for agents running on multiple nodes, and the agents will automatically scrape targets from their own nodes. Such a config option is not yet available in Prometheus. An issue has already been raised [[3]](https://github.com/prometheus/prometheus/issues/9637) and there is an open PR for addressing it [[4]](https://github.com/prometheus/prometheus/pull/10004). + +Until the upstream work has been completed, it could be possible to implement this strategy with a few tweaks: +* the operator could use the [downward API](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/#capabilities-of-the-downward-api) to inject the node name in the pods. +* the operator's config reloader already supports expansion of environment variables. + +With this setup, the unexpanded Prometheus configuration would look as follows + +```yaml +relabel_configs: +- source_labels: [__meta_kubernetes_pod_node_name] + action: keep + regex: $NODE_NAME + +in the pod definition: +spec: +- container: config-reloader + env: +- name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +``` + +## Additional implementation details + +There has been a suggestion in [a Github comment](https://github.com/prometheus-operator/prometheus-operator/issues/3989#issuecomment-821249404) to introduce a ScrapeConfig CRD in parallel to adding the PrometheusAgent CRD, and “translate” PrometheusAgent CRs to ScrapeConfig CRs. The main challenge with this approach is that it significantly increases the scope of the work that needs to be done to support deploying Prometheus agents. + +A leaner alternative would be to focus on implementing the PrometheusAgent CRD by reusing code from the existing Prometheus controller. The ScrapeConfig can then be introduced separately, and the PrometheusAgent can be the first CRD which gets migrated to it. + +### Implementation steps + +The first step in the implementation process would include creating the PrometheusAgent CRD and deploying the agent as a StatefulSet, similar to how the Prometheus CRD is currently reconciled. This will allow for reusing a lot of the existing codebase from the Prometheus controller and the new CRD can be released in a timely manner. + +Subsequent steps would include iterating on users' feedback and either implementing different deployment strategies, or refining the existing one. + +## References +* [1] [https://github.com/grafana/agent/blob/5bf8cf452fa76c75387e30b6373630923679221c/production/kubernetes/agent-bare.yaml#L43](https://github.com/grafana/agent/blob/5bf8cf452fa76c75387e30b6373630923679221c/production/kubernetes/agent-bare.yaml#L43) +* [2] [https://github.com/open-telemetry/opentelemetry-operator#deployment-modes](https://github.com/open-telemetry/opentelemetry-operator#deployment-modes) +* [3] [https://github.com/prometheus/prometheus/issues/9637](https://github.com/prometheus/prometheus/issues/9637) +* [4] [https://github.com/prometheus/prometheus/pull/10004](https://github.com/prometheus/prometheus/pull/10004) diff --git a/Documentation/proposals/202310-shard-autoscaling.md b/Documentation/proposals/202310-shard-autoscaling.md index a8afd54061a..1a68834ec2a 100644 --- a/Documentation/proposals/202310-shard-autoscaling.md +++ b/Documentation/proposals/202310-shard-autoscaling.md @@ -129,7 +129,7 @@ We intentionally don't want to spin up new instances while others that are marke Prometheus Agents are different than servers since queries are not available in this mode. Their only responsibility is scraping metrics and pushing them via remote-write to a long-term storage backend, making the scale-down experience much easier to handle. -When receiving the SIGTERM signal, the Prometheus Agent should gracefully handle the signal by finishing all remote-write queues before ending the process. Prometheus-Operator, by default, adjusts the [Graceful Termination Period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) of Prometheus/PrometheusAgent pods to 600s. Ten minutes should be enough for them to flush the remote-write queue, but, if needed, users can redefine Graceful Termination Period using [Strategic Merge Patch](https://prometheus-operator.dev/docs/operator/strategic-merge-patch/). +When receiving the SIGTERM signal, the Prometheus Agent should gracefully handle the signal by finishing all remote-write queues before ending the process. Prometheus-Operator, by default, adjusts the [Graceful Termination Period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) of Prometheus/PrometheusAgent pods to 600s. Ten minutes should be enough for them to flush the remote-write queue, but, if needed, users can redefine Graceful Termination Period using [Strategic Merge Patch](https://prometheus-operator.dev/docs/platform/strategic-merge-patch/). Since there's no use case for retaining Prometheus Agents, its CRD will not be extended with the `RetentionPolicy` mentioned in [Graceful scale-down of Prometheus Servers](#graceful-scale-down-of-prometheus-servers) diff --git a/Documentation/proposals/202405-agent-daemonset.md b/Documentation/proposals/202405-agent-daemonset.md index 08c40222831..99b28cd9b34 100644 --- a/Documentation/proposals/202405-agent-daemonset.md +++ b/Documentation/proposals/202405-agent-daemonset.md @@ -64,7 +64,7 @@ Currently, we already have a PrometheusAgent CRD that supports StatefulSet deplo The reason for enhancing existing CRD (instead of introducing a new CRD) is it would take less time to finish the MVP. We’ll let users experiment with the MVP, and in case users report a separate CRD is needed, we’ll separate the logic of DaemonSet deployment into a new CRD later. -The current [PrometheusAgent CRD](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1alpha1.PrometheusAgent) already has sufficient fields for the DaemonSet deployment. The DaemonSet deployment can use all the existing fields in the CRD except the ones related to: +The current [PrometheusAgent CRD](https://prometheus-operator.dev/docs/platform/prometheus-agent/) already has sufficient fields for the DaemonSet deployment. The DaemonSet deployment can use all the existing fields in the CRD except the ones related to: * Selectors for service, probe, ScrapeConfig * Replica * Shard diff --git a/Documentation/proposals/202405-docs-restructuring.md b/Documentation/proposals/202405-docs-restructuring.md new file mode 100644 index 00000000000..1ca37d3f992 --- /dev/null +++ b/Documentation/proposals/202405-docs-restructuring.md @@ -0,0 +1,121 @@ +# Revamping Documentation Structure + +- Owners: + - [AshwinSriram11](https://github.com/AshwinSriram11) +- Related Tickets: + - [#3553](https://github.com/prometheus-operator/prometheus-operator/issues/3553#issuecomment-726733177) + - [#6046](https://github.com/prometheus-operator/prometheus-operator/issues/6046) +- Other docs: + - N/A + +This document proposes restructuring the documentation of the Prometheus-Operator website, aiming for better content organization and better experience for new users and old veterans. + +# Why + +Restructuring the documentation will help in improving user experience and may save time for a user to search for relevant information effectively. This will encourage a newcomer to get familiar with the project in an efficient manner. The end goal of a good documentation is to follow the industrial best practices and provide accurate information to a user. + +I believe that by restructuring, we can group the related topics together in an organized way and use cross-references to link topics that are difficult to group but are relevant for understanding. This makes the documentation more user-friendly and also ensures uniform flow of content. + +After we have a proper structure, it will become relatively easy to add information about new features. Maintainers will be able to save time on deciding the best place for adding new content. Also, improving documentation will help in improving Search Engine Optimization(SEO) and increase the engagement of the project. + +# Pitfalls of the current solution + +A good documentation is one that is easy to understand for a newcomer and provides the exact amount of information that is needed according to the need. But looking at the current documentation structure, a lot of topics seem misplaced. For example, there is no need for a **"Contributing"** page in the prologue section. Prologue section should only give the introduction and the prerequisites for the project. Due to this, a user might need to put more effort to search for relevant information and this might decrease the user's productivity. + +Currently, there is some unnecessary information from the documentation creating misconceptions in the user's mind. For example, let us look at [#6046](https://github.com/prometheus-operator/prometheus-operator/issues/6046) which tells us that there is no Ingress Guide present in the current documentation. But, if we look at the website, there are links to the **“Ingress Guide”** on the [Getting-Started](https://prometheus-operator.dev/docs/developer/getting-started/#exposing-the-prometheus-service) and [Alerting page](https://prometheus-operator.dev/docs/developer/alerting/#exposing-the-alertmanager-service) in **User-Guide**. Due to this, many users will report the same issue and it will take time for maintainers to resolve them. + +Incorporation of new topics is also difficult if the structure is not up to mark because more time and effort is needed to decide the best place to add a topic which can often lead to decrease in productivity of a maintainer. For example, in issue [#3553](https://github.com/prometheus-operator/prometheus-operator/issues/3553#issuecomment-726733177), it has been mentioned that basic architecture needs to be worked upon before adding the diagram as there is no section talking about **“namespace selection”** in the current documentation. + +# Goals + +- To improve readability and make the documentation easier to understand. +- To ensure a uniform flow of content. +- To remove irrelevant information from the documentation. +- To ensure that all new features get documented properly in the future. + +# Audience + +- Developers who want to configure monitoring for their applications. +- Developers who want to set up alerts for their application. +- Platform engineers who want to monitor Prometheus and Alertmanager instances and manage the infrastructure. +- Maintainers who are responsible for optimizing Prometheus Operator. +- Contributors who want to engage and want to contribute effectively to the project. + +# Non-Goals + +- Adding extra documentation about new features, enhancements, troubleshooting, or other information that might be missing today. + +# How + +I believe a basic structure for the website should be as given below: + +### 1. Getting Started + +- **Introduction** - This section will introduce us to Prometheus-Operator and will talk about goals and the problems that are being solved by this project. +- **Installation Guide** - This section will contain all the methods of installation of Prometheus-Operator in the production environment. +- **Compatibility** - This section will provide information about compatibility of Prometheus-Operator with Kubernetes, Prometheus, Alertmanager and Thanos. +- **Design** - This section will describe the design of Prometheus-Operator focusing on the various custom resource definitions(CRDs) it manages. + +### 2. API Reference + +This section will provide detailed information about different fields of the Custom Resources in Prometheus-Operator(config, spec, status and other information). + +### 3. Developer Guide + +This section will provide detailed information for developers on how to configure monitoring for their applications. This section will teach on how to define and manage `ServiceMonitor`, `PodMonitor` and `PrometheusRule` objects. + +From the current documentation,following topics will come under this section: + +- **Getting Started** +- **ScrapeConfig CRD** +- **Alerting** + +### 4. Platform Guide + +This section will explain how to set up, configure and manage Prometheus Operator infrastructure. It will explain about managing Prometheus, Alertmanager instances, setting up persistent storage for different resources, instructions on implementing Role-Based Access Control (RBAC) and much more. + +From the current documentation, following topics will come under this section: + +- **Admission Webhook** +- **Prometheus Agent** +- **Thanos** +- **RBAC** +- **RBAC for CRDs** +- **High Availability** +- **Storage** +- **Strategic Merge Patch** +- **CLI Reference** + +### 5. Community + +- **Contributing** +- **Testing** +- **DCO** +- **Code of Conduct** +- **Release** + +The reasoning behind the new structure is given below - + +- The **“Getting-Started”** section should only serve information on how to begin your journey with the project. So, the first thing that comes to mind should be a basic overview followed by the installation. It won’t make sense to have the installation section appear in the User-Guide(in the current model) because installation is the foremost important thing to begin working on a project. With installation, users would also like to know the different releases and their compatibility, thus it makes more sense to add this topic just below the installation section. At last, Design doc should be present to give an overview of how different components interact and what their purpose is in a concise manner. + +- API Reference is of extreme importance and is something needed by developers to implement the functionalities they need. It is something needed by both a **Developer** and a **Platform Engineer**. As it is common for both personas, I think rather than duplicating this page in both sections, we should have a separate section for it due to its relevance. Further, looking at the current API reference page, it contains too much information for a single page. This makes the page look overly crowded and searching for any particular field becomes a tedious task. We can convert this page into multiple pages by grouping sections and cross-reference properly which will provide a better experience for a user. + +- I felt that **Developer-Guide** is placed before **Platform-Guide** keeping in mind the difficulties a newcomer faces when he/she starts working on a project. Developer-Guide contains relatively easier examples and provides a beginner level experience. But when we move on to the Platform-Guide, we will find more advanced situations like security, storage which would be more complex compared to topics mentioned in Developer Guide. Thus, this structure provides a uniform flow with context to difficulty level for a newcomer as well as segregates relevant information according to the persona. + +- As mentioned in the audience, we also have people who want to contribute to the project. So, making a **“Community”** section serves the purpose of providing users to find how to contribute to the project. Also, it provides other community related information like release, code od conduct, and other topics which are not provided in the current model. + +- We will move the **Kube-Prometheus** section as separate docs but on the same website. We will provide a link for Kube-Prometheus (beside Docs and Adopters) in the top-navigation bar which will direct us to dedicated docs for Kube-Prometheus. This is being done to avoid overlapping the concepts of Prometheus Operator with those of Kube-Prometheus. However, we can mention the method of deploying Prometheus-Operator with Kube-Prometheus in the installation section due to its ease and popularity among users. + +- To make the documentation organization better according to the new structure and keep things in sync with the **prometheus-operator/website** repository, we should reorganize the folders as they are in the **website** repository. This will make it easier to work with both the repositories for a contributor and will help in better organization. This will also make it easier to locate the file in which changes need to be made. + +# Action Plan + +1. Making sections and organizing files as described above. +2. If needed, splitting the content of one file into multiple files to improve readability or changing the location of content wherever required. +3. Removing content that is unnecessary for the project. + +# Follow-Ups + +After we successfully complete the Goals of this proposal, we can move on with the Non-Goals section. As mentioned, the next step would be to add the documentation for the topics that are currently missing. + +Another follow-up to this proposal would be to integrate version-specific documentation. diff --git a/Documentation/proposals/202405-scrapeconfig-graduation.md b/Documentation/proposals/202405-scrapeconfig-graduation.md new file mode 100644 index 00000000000..2104e4f1fb4 --- /dev/null +++ b/Documentation/proposals/202405-scrapeconfig-graduation.md @@ -0,0 +1,185 @@ +# Graduate ScrapeConfig CRD To Beta + +* Owners: + * [mviswanathsai](https://github.com/mviswanathsai) +* Related Tickets: + * [Graduate The `ScrapeConfig` CRD To `v1beta1`](https://github.com/prometheus-operator/prometheus-operator/issues/6697) +* Other docs: + * [ScrapeConfig Design Proposal](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202212-scrape-config.md) + * [Kubernetes API versioning](https://kubernetes.io/docs/reference/using-api/#api-versioning) + +## Why + +The goal of this proposal is to pave the way to graduate the ScrapeConfig CRD in the Prometheus Operator to beta. We aim to do this by building +a 1:1 relationship with the Prometheus `scrape_config`. By enhancing the Service Discovery support, aligning the CRD fields, and standardizing +configurations. + +## Pitfalls of the Current Solution + +- The CRD is currently in v1alpha1 version, this hinders its adoption among the users of Prometheus-Operator. + +## Goals + +- Pave the way for graduating the ScrapeConfig CRD to v1beta1 by aligning on the graduation criteria. +- Enhance the Service Discovery support by adding more Service Discovery configurations. +- Ensure all fields in Prometheus `scrape_config` are supported in the ScrapeConfig CRD. +- Maintain naming conventions and field consistency across existing and new Service Discoveries. +- Identify inconsistencies in validations. +- Outline the migration strategy from `v1alpha1` to `v1beta1`. + +## Audience + +- Prometheus Operator maintainers and contributors. +- Users and developers relying on the Prometheus Operator for creating monitoring configurations. +- Stakeholders interested in the evolution and improvement of the Prometheus Operator. + +## Non-Goals + +- Implementing the 28 Service Discovery configurations currently supported by Prometheus. +- To plan out a detailed graduation strategy. +- Convert existing monitor objects to low-level ScrapeConfig objects. + +## How + +In order to provide a more comprehensive and versatile monitoring solution, enhancing the +Service Discovery support in the Prometheus Operator is crucial. This will address current +limitations and better serve diverse user needs. The following steps outline our approach to achieving this goal: + +### Support Statement For Service Discovery Mechanisms + +By adding more Service Discovery configurations, we increase the flexibility and utility of the CRD for various user scenarios. +Kubernetes being the sole target for Prometheus-Operator, we think it is fitting to provide complete support for Kubernetes service discovery, this includes +supporting all fields present in the Prometheus configuration, example use cases and keeping the Service Discovery robustly maintained in general. We believe that the Kubernetes service discovery +along with the other existing service discoveries that we offer should be sufficient for most user's needs and so implementing all the Service discoveries +is not a priority. However, this does not imply service discovery support is limited to what exists today. +It would be a better use of time to add the service discoveries that the users need as we get feature requests for them. + +The following is the list of Service Discoveries which we want to support before graduation: + +- *`azure_sd_config`* +- *`consul_sd_config`* +- *`digitalocean_sd_config`* +- *`docker_sd_config`* +- *`dockerswarm_sd_config`* +- *`dns_sd_config`* +- *`ec2_sd_config`* +- *`openstack_sd_config`* +- *`puppetdb_sd_config`* +- *`file_sd_config`* +- *`gce_sd_config`* +- *`hetzner_sd_config`* +- *`http_sd_config`* +- *`kubernetes_sd_config`* +- *`kuma_sd_config`* +- *`lightsail_sd_config`* +- *`linode_sd_config`* +- *`nomad_sd_config`* +- *`eureka_sd_config`* +- *`ovhcloud_sd_config`* +- *`scaleway_sd_config`* +- *`ionos_sd_config`* + +If we were to categorize the Service Discoveries based on the amount of effort we are willing to put in maintaining them: + +**Tier-1:** +Project maintainers fully support the service discovery in this group. It includes the Kubernetes SD since the Operator requires a Kubernetes control plane to run. It also includes core service discoveries based on well-established protocols. +- Kubernetes Service Discovery +- File Service Discovery +- Static Config +- DNS Service Discovery +- HTTP Service Discovery + +**Tier-2:** +This group includes service discoveries which are related to Kubernetes, cloud-native environments and widely used solutions. The project maintainers don't actively support them but they are happy to review issues and pull requests. +- DigitalOcean Service Discovery +- Consul Service Discovery +- Azure Service Discovery +- EC2 Service Discovery +- Lightsail Service Discovery +- Kuma Service Discovery +- OVHCloud Service Discovery +- Scaleway Service Discovery +- Ionos Service Discovery +- OpenStack Service Discovery +- GCE Service Discovery + +The project maintainers do not commit to actively maintaining any service discoveries that are not listed above. We don't mean that other service discoveries are ignored, but +they are not a priority. They will be supported on a best-effort basis, meaning they will be maintained as time and resources allow, without a firm commitment from the +maintainers. + +At the time of writing this document, the following Service Discoveries are not supported but may be added in the future on user requests and contributions: + +- **`uyuni_sd_config`** +- **`vultr_sd_config`** + +We don't plan to support the following Service Discoveries, due to them being deprecated or inactive: + +- **`marathon_sd_config`** +- **`nerve_sd_config`** +- **`serverset_sd_config`** +- **`triton_sd_config`** + +### Fill Existing Gaps From The Prometheus Configuration + +We intend to support all fields that the Prometheus `scrape_config` contains, in the ScrapeConfig CRD. However, there might be exceptions like `job_name` for example which need to be +implemented in a slightly different manner to prevent issues related to non-unique job names. + +### Improve API Consistency + +The idea is to make the API as restrictive as possible against the user making wrong/redundant configurations. To that extent, the CRD contains a number +of inconsistencies both in naming conventions and field validations that need to be rectified. Some of the noted inconsistencies are: +- Missing validations on `URL` and `Host` fields. +- Missing validations on maximum and minimum value acceptable for `Port` field. +- Missing Prometheus version check for various Service Discoveries. +- Missing length validation on multiple string fields. + +We propose that once the above mentioned Service discoveries which are planned to be implemented before graduation are added, we +restructur the ScrapeConfig API one Service discovery at a time to achieve a tightly knit API surface. To that extent, the general rule +of thumb will be: "Make the API as strict as possible." This allows us to lower the level of restrictions in the future if need be, whereas +the converse might not always be feasible. + +Through these efforts, we aim to achieve a 1:1 relationship with the Prometheus `scrape_config` (minus the Service Discoveries), enhancing the usability and completeness of the ScrapeConfig CRD. This alignment ensures that users have access to the full range of configurations offered by Prometheus, making the Prometheus Operator a more powerful and flexible tool for monitoring and observability beyond Kubernetes. + +### Graduation Strategy + +#### Requirements for Graduation + +We propose to graduate the CRD to beta when the following milestones are all achieved: +1. The Service Discoveries which we have listed are all supported. +2. There is consensus among the maintainers about the API consistency. +3. We are confident about the completeness of the test cases coverage for the API. + +#### Path for Graduation + +From past experience with the graduation of the `AlertmanagerConfig` CRD, we believe that the cost of implementing and maintaining a conversion webhook is too much to bear +and we would like to avoid it when possible. +Keeping this in mind, we recommend that we make all the breaking changes in `v1alpha` and +once there is a consensus in the community about the "readiness"/"completeness" of the`v1alpha1`, we graduate the ScrapeConfig CRD to `v1beta1`. +Note: In this strategy, both the `v1alpha1` and `v1beta1` APIs are expected to be identical to eachother, thus barring the need for a conversion webhook. + +From the [Kuberenetes CRD docs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/#specify-multiple-versions), +the `CustomResourceDefinition` would contain the following lines: + +``` + conversion: + # None conversion assumes the same schema for all versions and only sets the apiVersion + # field of custom resources to the proper value + strategy: None +``` + +### Testing and Verification + +- **Covering All Test Cases For Kubernetes Service Discovery**: Since Kubernetes is our main player, make sure all testcases for unit tests and e2e tests have been covered for the Kubernetes Service Discovery. + +- **Implement Comprehensive Unit Tests**: Ensure that unit tests are added for all new and existing Service Discovery configurations to ensure that the expected configuration is generated and validations are in place. + +## Alternatives + +- **Introduce v1alpha2 Before Beta** + - Strategy: Create a `v1alpha2` version incorporating all necessary breaking changes and refinements. Transition from `v1alpha2` to `v1beta1` when ready. + - Con: additional complexity for users without real benefit. + +- **Implement v1alpha1 to v1beta1 Conversion Webhook** + - Strategy: Graduate to `v1beta1` from `v1alpha1` with all the necessary changes/improvements and handle any breaking changes in the API between the two versions + with a conversion webhook. This ensures that users can automatically transition their configurations without manual intervention. + - Con: Greatly increases complexity for the maintainers as well as the users. diff --git a/Documentation/proposals/202407-remote-write.md b/Documentation/proposals/202407-remote-write.md new file mode 100644 index 00000000000..28360280003 --- /dev/null +++ b/Documentation/proposals/202407-remote-write.md @@ -0,0 +1,147 @@ +# RemoteWrite CRD + +- Owners: + - [@superbrothers](https://github.com/superbrothers) +- Related Tickets: + - [#6508](https://github.com/prometheus-operator/prometheus-operator/issues/6508) +- Other docs: + - n/a + +## TL;DR + +This design doc proposes RemoteWrite CRD, which enables cluster admins to delegate the ability to configure Prometheus remote_rewrite configuration to application developers/operators. + +## Why + +The Prometheus remote_write configuration is defined in the Prometheus CRD. Currently, the configuration data generation is the responsibility of cluster admins. + +## Goals + +The main goal is to enable application developers/operators to self-service the remote write, and configure how the client sends metrics to the remote endpoint. + +This means exposing a new CRD to configure Prometheus remote_write configuration. + +## Non-goals + +Prometheus has two APIs for integrating with remote storage: 'remote write' and 'remote read'. Since no confirmed demand exists to treat remote read as a CRD, we do not cover "RemoteRead" CRD here. We can still implement it later if needed. + +## How + +### RemoteWrite CRD + +The RemoteWrite CRD represents one of the Prometheus remote_write configuration scoped to the resource’s namespace. + +```yaml +apiVersion: monitoring.coreos.com/v1alpha1 +kind: RemoteWrite +metadata: + name: example + namespace: default +spec: + url: "https://aps-workspaces.us-west-2.amazonaws.com/workspaces//api/v1/remote_write" + sigv4: + region: us-west-2 + accessKey: + # Secret object references will be resolved in the namespace of this remoteWrite object. + # In this manifest it is the "default" namespace. + name: aws_access + key: access_key + secretKey: + name: aws_access + key: secret_key +``` + +```go +package v1alpha1 + +import ( + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type RemoteWrite struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec monitoringv1.RemoteWriteSpec `json:"spec"` +} +``` + +### Prometheus CRD + +The Prometheus CRD is extended with 2 new fields (remoteWriteSelector and remoteWriteNamespaceSelector) that define which RemoteWrite resources are associated with this Prometheus instance. + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: example + namespace: default +spec: + # RemoteWrite objects to be selected. An empty label selector matches all + # objects. A null label selector matches no objects. + remoteWriteSelector: {} + # Namespaces to match for RemoteWrite discovery. An empty label selector + # matches all namespaces. A null label selector matches the current namespace + # only. + remoteWriteNamespaceSelector: {} + ... +``` + +#### Respect enforceNamespaceLabel and excludedFromEnforcement + +The RemoteWrite CRD should respect the Prometheus `.spec.enforcedNamespaceLabel` field. + +The object’s namespace is added as the first item in the `write_relabel_config` of the remote_write configuration. + +```yaml +write_relabel_configs: +- sourceLabels: + - namespace + regex: + action: keep + ... +``` + +The item is inserted in the first position by the operator before any other user relabelings, so there's no way that users can have access to metrics labeled with namespaces other than the one in which the RemoteWrite object is created. + +The RemoteWrite CRD should also respect the Prometheus `.spec.excludedFromEnforcement` field. It is a list of references to objects to be excluded from `enforcedNamespaceLabel`. + +### Configuration generation + +The Prometheus operator will generate the Prometheus configuration including remote_write configuration from the Prometheus CRD and the RemoteWrite resources matching remoteWriteSelector from the namespace(s) selected by remoteWriteNamespaceSelector for additional remote_rewrite configuration. + +The operator will respect the --namespaces and --deny-namespaces flags when looking for RemoteWrite objects. + +### Administrative limits + +Similar to what exists for scrape resources (e.g. `enforcedSampleLimit` for `ServiceMonitor`), we will allow the Prometheus resource's owners to setup upper-bound limits on the remote write options. For example, it will be possible to disable metadata sending or limit the queue capacity: + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: example + namespace: default +spec: + remoteWriteLimits: + metadataConfig: + send: false + queueConfig: + capacity: 1024 + maxShards: 16 +``` + +## PrometheusAgent CRD + +The PrometheusAgent CRD also supports the RemoteWrite CRD. Everything explained about the Prometheus CRD works in the same way for the PrometheusAgent. + +## Alternatives + +### Prometheus per namespace or team + +An application developer/operator can deploy Prometheus instances directly. However, Prometheus instances may be provided as managed by cluster admins. + +### The team responsible for the Prometheus object configuring individual remote write destinations on behalf of each "tenant" + +An application developer/operator will somehow share the remote_write configuration with the team responsible for Prometheus objects. This includes credential information for remote_write. diff --git a/Documentation/proposals/202409-status-subresource.md b/Documentation/proposals/202409-status-subresource.md new file mode 100644 index 00000000000..8e07fd2e1b0 --- /dev/null +++ b/Documentation/proposals/202409-status-subresource.md @@ -0,0 +1,331 @@ +# Status subresource for Prometheus operator CRDs + +* **Owners:** + * [simonpasquier](https://github.com/simonpasquier) + +* **Related Tickets:** + * [#3335](https://github.com/prometheus-operator/prometheus-operator/issues/3335) + +* **Other docs:** + * N/A + +This proposal describes how we will extend the Prometheus operator Custom +Resource Definitions (CRDs) with a Status subresource field. + +## Why + +Core Kubernetes resources differentiate between the desired state of an object +(the `spec` field) and the current status of the object (the `status` field) +([details][https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)). +Before this proposal, the current status of the objects was never reflected by +the Prometheus operator which makes it harder for external actors to know if +the underlying resource is available or not. + +### Pitfalls of the current solution + +Though some of the custom resource definitions expose already a `Status` +subresource, the Prometheus operator never updates the status subresource and +it is only possible to retrieve the information via the custom API exposed by +the operator’s web service. This makes it harder than necessary for users to +know if the declared resources are ready and to understand why if they aren’t. + +## Goals + +* Define the structure of the status subresource for the custom resource + definitions that materialize as Pod objects. + * `Alertmanager` + * `Prometheus` + * `PrometheusAgent` + * `ThanosRuler` +* Define how the operator would reconcile the status subresource. + +## Non-goals + +* Implement the status subresource for configuration objects like + `ServiceMonitor`, `PodMonitor`, `PrometheusRule`, `Probe` and `ScrapeConfig`. + * The main difficulty is that a `ServiceMonitor` object for instance can be + reconciled by different objects. It brings more complexity in terms of API + definition as well as implementation. + * This will be addressed in a separate proposal. +* Extend the status subresource beyond what the operator can infer from the + core Kubernetes API. +* Emit events on resource updates. + * Once the operator implements status subresources, it seems a natural + evolution to generate events on status changes but this isn't in the scope + of this proposal. + +## Background + +The status subresource is a well-defined concept in Kubernetes: +* [Kubernetes documentation](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#status-subresource) about custom resource definitions. +* [Kubernetes API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties). +* [kubebuilder](https://book-v1.book.kubebuilder.io/basics/status_subresource.html) documentation. +* [OperatorSDK](https://sdk.operatorframework.io/docs/building-operators/golang/advanced-topics/#manage-cr-status-conditions) documentation. + +As much as possible, the proposal follows the recommendations established by the Kubernetes community. + +## API + +### Prometheus + +The Prometheus CRD has a `Status` subresource that exposes the following fields: +* `Paused` +* `Replicas` +* `UpdatedReplicas` +* `AvailableReplicas` +* `UnavailableReplicas` + +We propose to add the following new fields: +* `Conditions` as recommended by the document describing the [Kubernetes API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties). +* `ShardStatuses` which is a drilled-down status for each Prometheus shard. + +```golang +type PrometheusStatus struct { + // Represents whether any actions on the underlying managed objects are + // being performed. Only delete actions will be performed. + Paused bool `json:"paused"` + // Total number of non-terminated pods targeted by this Prometheus deployment + // (their labels match the selector). + Replicas int32 `json:"replicas"` + // Total number of non-terminated pods targeted by this Prometheus deployment + // that have the desired version spec. + UpdatedReplicas int32 `json:"updatedReplicas"` + // Total number of available pods (ready for at least minReadySeconds) + // targeted by this Prometheus deployment. + AvailableReplicas int32 `json:"availableReplicas"` + // Total number of unavailable pods targeted by this Prometheus deployment. + UnavailableReplicas int32 `json:"unavailableReplicas"` + // The current state of the Prometheus deployment. + // +listType=map + // +listMapKey=type + // +optional + Conditions []Condition `json:"conditions,omitempty"` + // The list has one entry per shard. Each entry provides a summary of the shard status. + // +listType=map + // +listMapKey=shardID + // +optional + ShardStatuses []ShardStatus `json:"shardStatuses,omitempty"` + // Shards is the most recently observed number of shards. + Shards int32 `json:"shards,omitempty"` + // The selector used to match the pods targeted by this Prometheus resource. + Selector string `json:"selector,omitempty"` +} + + +// Condition represents the state of the resources associated with the +// Prometheus, Alertmanager or ThanosRuler resource. +// +k8s:deepcopy-gen=true +type Condition struct { + // Type of the condition being reported. + // +required + Type ConditionType `json:"type"` + // Status of the condition. + // +required + Status ConditionStatus `json:"status"` + // lastTransitionTime is the time of the last update to the current status property. + // +required + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + // Reason for the condition's last transition. + // +optional + Reason string `json:"reason,omitempty"` + // Human-readable message indicating details for the condition's last transition. + // +optional + Message string `json:"message,omitempty"` + // ObservedGeneration represents the .metadata.generation that the + // condition was set based upon. For instance, if `.metadata.generation` is + // currently 12, but the `.status.conditions[].observedGeneration` is 9, the + // condition is out of date with respect to the current state of the + // instance. + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +type ConditionType string + +const ( + // Available indicates whether enough pods are ready to provide the + // service. + // The possible status values for this condition type are: + // - True: all pods are running and ready, the service is fully available. + // - Degraded: some pods aren't ready, the service is partially available. + // - False: no pods are running, the service is totally unavailable. + // - Unknown: the operator couldn't determine the condition status. + Available ConditionType = "Available" + // Reconciled indicates whether the operator has reconciled the state of + // the underlying resources with the object's spec. + // The possible status values for this condition type are: + // - True: the reconciliation was successful. + // - False: the reconciliation failed. + // - Unknown: the operator couldn't determine the condition status. + Reconciled ConditionType = "Reconciled" +) + +type ConditionStatus string + +const ( + ConditionTrue ConditionStatus = "True" + ConditionDegraded ConditionStatus = "Degraded" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) +``` + +Example of a Prometheus resource's status for which all pods are up and running: + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: prometheus + namespace: default +spec: + replicas: 2 + shards: 2 +status: +status: + availableReplicas: 4 + conditions: + - lastTransitionTime: "2024-09-10T14:24:26Z" + message: "" + observedGeneration: 4 + reason: "" + status: "True" + type: Available + - lastTransitionTime: "2024-09-10T14:24:26Z" + message: "" + observedGeneration: 4 + reason: "" + status: "True" + type: Reconciled + paused: false + replicas: 4 + selector: app.kubernetes.io/instance=prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,operator.prometheus.io/name=prometheus,prometheus=prometheus + shardStatuses: + - availableReplicas: 2 + replicas: 2 + shardID: "0" + unavailableReplicas: 0 + updatedReplicas: 2 + - availableReplicas: 2 + replicas: 2 + shardID: "1" + unavailableReplicas: 0 + updatedReplicas: 2 + shards: 2 + unavailableReplicas: 0 + updatedReplicas: 4 +``` + +Example of a Prometheus resource's status for which some pods are missing due to scheduling issues: + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: monitoring +spec: + replicas: 2 + shards: 2 +status: + availableReplicas: 2 + conditions: + - lastTransitionTime: "2024-09-10T14:31:29Z" + message: |- + shard 0: pod prometheus-prometheus-1: 0/1 nodes are available: 1 node(s) didn't match pod anti-affinity rules. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod. + shard 1: pod prometheus-prometheus-shard-1-1: 0/1 nodes are available: 1 node(s) didn't match pod anti-affinity rules. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod. + observedGeneration: 5 + reason: SomePodsNotReady + status: Degraded + type: Available + - lastTransitionTime: "2024-09-10T14:31:29Z" + message: "" + observedGeneration: 5 + reason: "" + status: "True" + type: Reconciled + paused: false + replicas: 4 + selector: app.kubernetes.io/instance=prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,operator.prometheus.io/name=prometheus,prometheus=prometheus + shardStatuses: + - availableReplicas: 1 + replicas: 2 + shardID: "0" + unavailableReplicas: 1 + updatedReplicas: 1 + - availableReplicas: 1 + replicas: 2 + shardID: "1" + unavailableReplicas: 1 + updatedReplicas: 1 + shards: 2 + unavailableReplicas: 2 + updatedReplicas: 2 +``` + +### Alertmanager + +The subresource status for the Alertmanager custom resource definition should +be very similar to the API defined for the Prometheus CRD. The main difference +is that we don't need the `shardStatuses` field. + +```golang +type AlertmanagerStatus struct { + // Represents whether any actions on the underlying managed objects are + // being performed. Only delete actions will be performed. + Paused bool `json:"paused"` + // Total number of non-terminated pods targeted by this Alertmanager + // object (their labels match the selector). + Replicas int32 `json:"replicas"` + // Total number of non-terminated pods targeted by this Alertmanager + // object that have the desired version spec. + UpdatedReplicas int32 `json:"updatedReplicas"` + // Total number of available pods (ready for at least minReadySeconds) + // targeted by this Alertmanager cluster. + AvailableReplicas int32 `json:"availableReplicas"` + // Total number of unavailable pods targeted by this Alertmanager object. + UnavailableReplicas int32 `json:"unavailableReplicas"` + // The selector used to match the pods targeted by this Alertmanager object. + Selector string `json:"selector,omitempty"` + // The current state of the Alertmanager object. + // +listType=map + // +listMapKey=type + // +optional + Conditions []Condition `json:"conditions,omitempty"` +} +``` + +### Thanos Ruler + +The subresource status for the Thanos Ruler custom resource definition is +identical to the Alertmanager CRD. + +```golang +type ThanosRulerStatus struct { + // Represents whether any actions on the underlying managed objects are + // being performed. Only delete actions will be performed. + Paused bool `json:"paused"` + // Total number of non-terminated pods targeted by this ThanosRuler deployment + // (their labels match the selector). + Replicas int32 `json:"replicas"` + // Total number of non-terminated pods targeted by this ThanosRuler deployment + // that have the desired version spec. + UpdatedReplicas int32 `json:"updatedReplicas"` + // Total number of available pods (ready for at least minReadySeconds) + // targeted by this ThanosRuler deployment. + AvailableReplicas int32 `json:"availableReplicas"` + // Total number of unavailable pods targeted by this ThanosRuler deployment. + UnavailableReplicas int32 `json:"unavailableReplicas"` + // The current state of the ThanosRuler object. + // +listType=map + // +listMapKey=type + // +optional + Conditions []Condition `json:"conditions,omitempty"` +} +``` + +## Alternatives + +N/A + +## Action Plan + +N/A diff --git a/Documentation/proposals/template.md b/Documentation/proposals/template.md new file mode 100644 index 00000000000..c48ec0282ac --- /dev/null +++ b/Documentation/proposals/template.md @@ -0,0 +1,79 @@ +## Your Proposal Title + +* **Owners:** + * `<@author: single champion for the moment of writing>` + +* **Related Tickets:** + * `` + +* **Other docs:** + * `` + +> TL;DR: Give a summary of what this document is proposing and what components it is touching. +> +> *For example: This design doc is proposing a consistent design template for “example.com” organization.* + +## Why + +Provide a motivation behind the change proposed by this design document, give context. + +*For example: It’s important to clearly explain the reasons behind certain design decisions in order to have a +consensus between team members, as well as external stakeholders. +Such a design document can also be used as a reference and for knowledge-sharing purposes. +That’s why we are proposing a consistent style of the design document that will be used for future designs.* + +### Pitfalls of the current solution + +What specific problems are we hitting with the current solution? Why is it not enough? + +*For example: We were missing a consistent design doc template, so each team/person was creating their own. +Because of inconsistencies, those documents were harder to understand, and it was easy to miss important sections. +This was causing certain engineering time to be wasted.* + +## Goals + +Goals and use cases for the solution as proposed in [How](#how): + +* Allow easy collaboration and decision making on design ideas. +* Have a consistent design style that is readable and understandable. +* Have a design style that is concise and covers all the essential information. + +### Audience + +If this is not clear already, provide the target audience for this change. + +## Non-Goals + +* Move old designs to the new format. +* Not doing X,Y,Z. + +## How + +Explain the full overview of the proposed solution. Some guidelines: + +* Make it concise and **simple**; put diagrams; be concrete, avoid using “really”, “amazing” and “great” (: +* How will you test and verify? +* How will you migrate users, without downtime. How do we solve incompatibilities? +* What open questions are left? (“Known unknowns”) + +## Alternatives + +This section should state potential alternatives. +Highlight the objections the reader should have towards your proposal as they read it. +Tell them why you still think you should take this path. + +1. This is why not solution Z... + +## Action Plan + +The tasks to do in order to migrate to the new idea. + +* [ ] Task one + + + +* [ ] Task two + + + + ... diff --git a/Documentation/rbac-crd.md b/Documentation/rbac-crd.md index cedf83be8a9..aeadea110da 100644 --- a/Documentation/rbac-crd.md +++ b/Documentation/rbac-crd.md @@ -1,5 +1,5 @@ --- -weight: 205 +weight: 206 toc: true title: RBAC for CRDs menu: diff --git a/Documentation/rbac.md b/Documentation/rbac.md index 542ce27b11c..ad35141f418 100644 --- a/Documentation/rbac.md +++ b/Documentation/rbac.md @@ -1,5 +1,5 @@ --- -weight: 204 +weight: 205 toc: true title: RBAC menu: @@ -26,7 +26,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator rules: - apiGroups: @@ -77,7 +77,6 @@ rules: resources: - services - services/finalizers - - endpoints verbs: - get - create @@ -119,6 +118,15 @@ rules: - storageclasses verbs: - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update + - delete ``` > Note: A cluster admin is required to create this `ClusterRole` and create a `ClusterRoleBinding` or `RoleBinding` to the `ServiceAccount` used by the Prometheus Operator `Pod`. The `ServiceAccount` used by the Prometheus Operator `Pod` can be specified in the `Deployment` object used to deploy it. @@ -169,6 +177,11 @@ rules: resources: - configmaps verbs: ["get"] +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: ["get", "list", "watch"] - apiGroups: - networking.k8s.io resources: @@ -194,7 +207,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default ``` @@ -210,7 +223,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/Documentation/thanos.md b/Documentation/thanos.md index 766cc1856c2..b9d5f3977cd 100644 --- a/Documentation/thanos.md +++ b/Documentation/thanos.md @@ -1,5 +1,5 @@ --- -weight: 208 +weight: 204 toc: true title: Thanos menu: diff --git a/Documentation/troubleshooting.md b/Documentation/troubleshooting.md index bd8b8e77c14..77063908bef 100644 --- a/Documentation/troubleshooting.md +++ b/Documentation/troubleshooting.md @@ -1,5 +1,5 @@ --- -weight: 209 +weight: 211 toc: true title: Troubleshooting menu: @@ -82,6 +82,14 @@ Note: The `ServiceMonitor` references a `Service` (not a `Deployment`, or a `Pod kubectl -n monitoring get secret prometheus-k8s -ojson | jq -r '.data["prometheus.yaml.gz"]' | base64 -d | gunzip | grep "my-service-monitor" ``` +You can also use [port forwarding](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) to access the Prometheus web. + +```sh +kubectl -n monitoring port-forward svc/prometheus-operated 9090:9090 +``` + +If the command runs successfully, you should be able to access the [Prometheus server UI](http://localhost:9090/) via localhost. From there you can check the live configuration and the discovered targets. + #### It is in the configuration but not on the Service Discovery page ServiceMonitors pointing to Services that do not exist (e.g. nothing matching `.spec.selector`) will lead to this ServiceMonitor not being added to the Service Discovery page. Check if you can find any Service with the selector you configured. @@ -190,3 +198,64 @@ kubectl get pods --all-namespaces | grep 'prom.*operator' ``` Check the logs of the matching pods to see if they manage the same resource. + +### Configuring Prometheus/PrometheusAgent for Mimir and Grafana Cloud + +Mimir and Grafana Cloud can receive samples via Prometheus remote-write and are able to [deduplicate samples](https://grafana.com/docs/mimir/latest/configure/configure-high-availability-deduplication/) received from HA pairs of Prometheus/PrometheusAgent instances, provided that you configure proper labels. + +By default, the deduplication labels are: +* `cluster`, it identifies the HA pair and should have the same value for both instances. +* `__replica__`, it should have a different value for each instance. + +The Prometheus operator already configures the `prometheus_replica` external label with the same semantic as `__replica__` in Grafana Mimir. The label name can be changed to `__replica__` by setting the `.spec.replicaExternalLabelName` field. When running a self-managed Mimir, it's also possible to configure different deduplication labels on the Mimir side (check the Mimir documentation). + +When it's not possible to change the Prometheus replica external label, a simple solution is to leverage `writeRelabelConfigs`. Here is a full example: + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: example +spec: + podMonitorSelector: {} + ruleSelector: {} + serviceMonitorSelector: {} + externalLabels: + # Configure a `cluster` label identifying the HA pair. + cluster: my-awesome-cluster + remoteWrite: + - url: + writeRelabelConfigs: + # Rename the default `prometheus_replica` label to `__replica__` as expected by Grafana cloud. + # It happens in 2 steps: + # 1. Copy the `prometheus_replica` label value to the `__replica__` label. + - sourceLabels: [prometheus_replica] + targetLabel: __replica__ + # 2. Drop the `prometheus_replica` label. + - regex: prometheus_replica + action: LabelDrop + # Add more relabel configs here. +``` + +For Prometheus/Prometheus resources with multiple shards, there's another modification to be done since the `cluster` label needs to include the shard ID for proper deduplication. + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: example +spec: + podMonitorSelector: {} + ruleSelector: {} + serviceMonitorSelector: {} + externalLabels: + # The config-reloader container will expand the `$(SHARD) string with the actual shard ID. + cluster: my-awesome-cluster-$(SHARD) + remoteWrite: + - url: + writeRelabelConfigs: + - sourceLabels: [prometheus_replica] + targetLabel: __replica__ + - regex: prometheus_replica + action: LabelDrop +``` diff --git a/Documentation/user-guides/alerting.md b/Documentation/user-guides/alerting.md index 505c25df986..c2965b482f8 100644 --- a/Documentation/user-guides/alerting.md +++ b/Documentation/user-guides/alerting.md @@ -1,7 +1,7 @@ --- -weight: 152 +weight: 252 toc: true -title: Alerting +title: Alerting Routes menu: docs: parent: user-guides @@ -11,72 +11,31 @@ draft: false description: Alerting guide --- -This guide assumes that you have a basic understanding of the Prometheus -operator, and that you have already followed the [Getting Started]({{< ref -"getting-started" >}}) guide. +This guide assumes you already have a basic understanding of the Prometheus Operator and have gone through the [Getting Started]({{< ref "getting-started" >}}) guide. We’re also expecting you to know how to run an Alertmanager instance. -{{< alert icon="👉" text="Prometheus Operator requires use of Kubernetes v1.16.x and up."/>}} - -The Prometheus Operator introduces an `Alertmanager` resource, which allows -users to declaratively describe an Alertmanager cluster. To successfully deploy -an Alertmanager cluster, it is important to understand the contract between -Prometheus and Alertmanager. Alertmanager is used to: - -* Deduplicate alerts received from Prometheus. -* Silence alerts. -* Route and send grouped notifications to various integrations (PagerDuty, OpsGenie, mail, chat, ...). - -The Prometheus Operator also introduces an `AlertmanagerConfig` resource, which -allows users to declaratively describe Alertmanager configurations. - -> Note: The AlertmanagerConfig resource is currently v1alpha1, testing and feedback are welcome. +In this guide, we'll explore the various methods for managing Alertmanager configurations within your Kubernetes cluster. Prometheus' configuration also includes "rule files", which contain the [alerting rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/). -When an alerting rule triggers, it fires that alert against *all* Alertmanager -instances, on *every* rule evaluation interval. The Alertmanager instances +When an alerting rule is triggered, it fires that alert to ***all*** Alertmanager +instances, on ***every*** rule evaluation interval. The Alertmanager instances communicate to each other which notifications have already been sent out. For more information on this system design, see the [High Availability]({{< ref "high-availability" >}}) page. -## Pre-requisites - -You have a running Prometheus operator. - -## Deploying Alertmanager - -First, let's create a Alertmanager cluster with three replicas: - -```yaml mdox-exec="cat example/user-guides/alerting/alertmanager-example.yaml" -apiVersion: monitoring.coreos.com/v1 -kind: Alertmanager -metadata: - name: example -spec: - replicas: 3 -``` - -Wait for all Alertmanager pods to be ready: - -```bash -kubectl get pods -l alertmanager=example -w -``` - -## Managing Alertmanager configuration - By default, the Alertmanager instances will start with a minimal configuration which isn't really useful since it doesn't send any notification when receiving alerts. You have several options to provide the [Alertmanager configuration](https://prometheus.io/docs/alerting/configuration/): -1. You can use a native Alertmanager configuration file stored in a Kubernetes secret. -2. You can use `spec.alertmanagerConfiguration` to reference an - AlertmanagerConfig object in the same namespace which defines the main +1. Using a native Alertmanager configuration file stored in a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/). +2. using `spec.alertmanagerConfiguration` to reference an + `AlertmanagerConfig` object in the same namespace which defines the main Alertmanager configuration. -3. You can define `spec.alertmanagerConfigSelector` and +3. Using `spec.alertmanagerConfigSelector` and `spec.alertmanagerConfigNamespaceSelector` to tell the operator which - AlertmanagerConfigs objects should be selected and merged with the main + `AlertmanagerConfig` objects should be selected and merged with the main Alertmanager configuration. ### Using a Kubernetes Secret @@ -205,72 +164,6 @@ will be a global AlertmanagerConfig. When the operator generates the Alertmanager configuration from it, the namespace label will not be enforced for routes and inhibition rules. -## Exposing the Alertmanager service - -To access the Alertmanager interface, you have to expose the service to the outside. For -simplicity, we use a `NodePort` Service. - -```yaml mdox-exec="cat example/user-guides/alerting/alertmanager-example-service.yaml" -apiVersion: v1 -kind: Service -metadata: - name: alertmanager-example -spec: - type: NodePort - ports: - - name: web - nodePort: 30903 - port: 9093 - protocol: TCP - targetPort: web - selector: - alertmanager: example -``` - -Once the Service is created, the Alertmanager web server is available under the -node's IP address on port `30903`. - -> Note: Exposing the Alertmanager web server this way may not be an applicable solution. Read more about the possible options in the [Ingress guide](exposing-prometheus-and-alertmanager.md). - -## Integrating with Prometheus - -### Configuring Alertmanager in Prometheus - -This Alertmanager cluster is now fully functional and highly available, but no -alerts are fired against it. - -First, create a Prometheus instance that will send alerts to the Alertmanger cluster: - -```yaml mdox-exec="cat example/user-guides/alerting/prometheus-example.yaml" -apiVersion: monitoring.coreos.com/v1 -kind: Prometheus -metadata: - name: example -spec: - serviceAccountName: prometheus - replicas: 2 - alerting: - alertmanagers: - - namespace: default - name: alertmanager-example - port: web - serviceMonitorSelector: - matchLabels: - team: frontend - ruleSelector: - matchLabels: - role: alert-rules - prometheus: example -``` - -The `Prometheus` resource discovers all of the Alertmanager instances behind -the `Service` created before (pay attention to `name`, `namespace` and `port` -fields which should match with the definition of the Alertmanager Service). - -Open the Prometheus web interface, go to the "Status > Runtime & Build -Information" page and check that the Prometheus has discovered 3 Alertmanager -instances. - ### Deploying Prometheus Rules The `PrometheusRule` CRD allows to define alerting and recording rules. The diff --git a/Documentation/user-guides/getting-started.md b/Documentation/user-guides/getting-started.md index 11e69c7035d..5f3107b43cc 100644 --- a/Documentation/user-guides/getting-started.md +++ b/Documentation/user-guides/getting-started.md @@ -1,5 +1,5 @@ --- -weight: 151 +weight: 251 toc: true title: Getting Started menu: @@ -11,59 +11,23 @@ draft: false description: Getting started guide --- -The Prometheus Operator's goal is to make running Prometheus on top of Kubernetes -as easy as possible, while preserving Kubernetes-native configuration options. - -This guide will show you how to deploy the Prometheus operator, set up a -Prometheus instance, and configure metrics collection for a sample application. - -{{< alert icon="👉" text="Prometheus Operator requires use of Kubernetes v1.16.x and up."/>}} - -> Note: [Operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) -> were introduced by CoreOS as a class of software that operates other software, -> putting operational knowledge collected by humans into software. - -## Pre-requisites - -To follow this guide, you will need a Kubernetes cluster with admin permissions. - -## Installing the operator - -The first step is to install the operator's Custom Resource Definitions (CRDs) as well -as the operator itself with the required RBAC resources. - -Run the following commands to install the CRDs and deploy the operator in the `default` namespace: - -```bash -LATEST=$(curl -s https://api.github.com/repos/prometheus-operator/prometheus-operator/releases/latest | jq -cr .tag_name) -curl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/${LATEST}/bundle.yaml | kubectl create -f - -``` - -It can take a few minutes for the operator to be up and running. You can check for completion with the following command: - -```bash -kubectl wait --for=condition=Ready pods -l app.kubernetes.io/name=prometheus-operator -n default -``` - -The Prometheus Operator introduces custom resources in Kubernetes to declare -the desired state of a Prometheus and Alertmanager cluster as well as the -Prometheus configuration. For this guide, the resources of interest are: - -* `Prometheus` -* `ServiceMonitor` -* `PodMonitor` +This guide explains how to use `PodMonitor` and `ServiceMonitor` objects to monitor targets for a sample application. The `Prometheus` resource declaratively describes the desired state of a Prometheus deployment, while `ServiceMonitor` and `PodMonitor` resources describe the targets to be monitored by Prometheus. - +## Pre-requisites -![Prometheus Operator Architecture](/img/architecture.png) +Before you begin, ensure that you have: -> Note: Check the [Alerting guide]({{< ref "alerting" >}}) for more information about the `Alertmanager` resource. +* A Kubernetes cluster with [admin](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) permissions +* A running Prometheus Operator (refer to the [Installation]({{}}) page) +* A running Prometheus instance (refer to the [Platform Guide]({{}})) -> Note: Check the [Design page]({{< ref "design" >}}) for an overview of all resources introduced by the Prometheus Operator. + + +![Prometheus Operator Architecture](../img/service-and-podMonitor.svg) ## Deploying a sample application @@ -93,9 +57,9 @@ spec: containerPort: 8080 ``` -Let's expose the application with a Service object which selects all the Pods -with the `app` label having the `example-app` value. The Service object also -specifies the port on which the metrics are exposed. +## Using ServiceMonitors + +To monitor the application using a `ServiceMonitor`, we will begin by exposing the application with a Service object that selects all the Pods with the label `app` set to `example-app` and specify the port where the metrics are exposed. ```yaml mdox-exec="cat example/user-guides/getting-started/example-app-service.yaml" kind: Service @@ -112,7 +76,7 @@ spec: port: 8080 ``` -Finally we create a ServiceMonitor object which selects all Service objects +Finally, we create a `ServiceMonitor` object that selects all Service objects with the `app: example-app` label. The ServiceMonitor object also has a `team` label (in this case `team: frontend`) to identify which team is responsible for monitoring the application/service. @@ -132,78 +96,10 @@ spec: - port: web ``` -## Deploying Prometheus - -If -[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/authorization/) -authorization is activated on your cluster, you must first create the RBAC rules -for the Prometheus service account beforehand. - -Apply the following manifests to create the service account and required ClusterRole/ClusterRoleBinding: - -```yaml mdox-exec="cat example/rbac/prometheus/prometheus-service-account.yaml" -apiVersion: v1 -kind: ServiceAccount -metadata: - name: prometheus -``` - -```yaml mdox-exec="cat example/rbac/prometheus/prometheus-cluster-role.yaml" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: prometheus -rules: -- apiGroups: [""] - resources: - - nodes - - nodes/metrics - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - configmaps - verbs: ["get"] -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: ["get", "list", "watch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -``` - -```yaml mdox-exec="cat example/rbac/prometheus/prometheus-cluster-role-binding.yaml" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prometheus -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus -subjects: -- kind: ServiceAccount - name: prometheus - namespace: default -``` - -For more information, see the [Prometheus Operator RBAC guide]({{< ref "rbac" >}}). - -The Prometheus custom resource defines the characteristics of the underlying -concrete StatefulSet (number of replicas, resource requests/limits , ...) as -well as which ServiceMonitors should be included with the +Similarly, the Prometheus object defines which ServiceMonitors get selected with the `spec.serviceMonitorSelector` field. -Previously, we have created the ServiceMonitor object with the `team: frontend` -label and here we define that the Prometheus object should select all -ServiceMonitors with the `team: frontend` label. This enables the frontend team -to create new ServiceMonitors and Services without having to reconfigure the -Prometheus object. - -```yaml mdox-exec="cat example/user-guides/getting-started/prometheus-service-monitor.yaml" +``` apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: @@ -213,27 +109,11 @@ spec: serviceMonitorSelector: matchLabels: team: frontend - resources: - requests: - memory: 400Mi - enableAdminAPI: false ``` -To verify that the instance is up and running, run: - -```bash -kubectl get -n default prometheus prometheus -w -``` - -By default, Prometheus will only pick up ServiceMonitors from the current -namespace. To select ServiceMonitors from other namespaces, you can update the -`spec.serviceMonitorNamespaceSelector` field of the Prometheus resource. - ## Using PodMonitors -Instead of a ServiceMonitor, we can use a PodMonitor which doesn't require the -creation of a Kubernetes Service. In practice, the `spec.selector` label tells -Prometheus which Pods should be scraped. +While `ServiceMonitor` requires a `Service` object, `PodMonitor` can bypass the service and find targets based on Pod labels. The `spec.selector` field in the `PodMonitor` resource specifies which Pods Prometheus should scrape. ```yaml mdox-exec="cat example/user-guides/getting-started/example-app-pod-monitor.yaml" apiVersion: monitoring.coreos.com/v1 @@ -250,10 +130,10 @@ spec: - port: web ``` -Similarly the Prometheus object defines which PodMonitors get selected with the +Similarly, the Prometheus object defines which PodMonitors get selected with the `spec.podMonitorSelector` field. -```yaml mdox-exec="cat example/user-guides/getting-started/prometheus-pod-monitor.yaml" +``` apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: @@ -263,71 +143,12 @@ spec: podMonitorSelector: matchLabels: team: frontend - resources: - requests: - memory: 400Mi - enableAdminAPI: false ``` -## Exposing the Prometheus service - -To access the Prometheus interface, you have to expose the service to the outside. For -simplicity, we use a `NodePort` Service. - -```yaml mdox-exec="cat example/user-guides/getting-started/prometheus-service.yaml" -apiVersion: v1 -kind: Service -metadata: - name: prometheus -spec: - type: NodePort - ports: - - name: web - nodePort: 30900 - port: 9090 - protocol: TCP - targetPort: web - selector: - prometheus: prometheus -``` - -Once the Service is created, the Prometheus web server is available under the -node's IP address on port `30900`. The Targets page in the web interface should -show that the instances of the example application have successfully been -discovered. - -> Note: Exposing the Prometheus web server this way may not be an applicable solution. Read more about the possible options in the [Ingress guide](exposing-prometheus-and-alertmanager.md). - -## Exposing the Prometheus Admin API - -Prometheus Admin API allows access to delete series for a certain time range, -cleanup tombstones, capture snapshots, etc. More information about the admin -API can be found in [Prometheus official -documentation](https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis) -This API access is disabled by default and can be toggled using this boolean -flag. The following example exposes the admin API: - -> WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, -> shutdown Prometheus, and more. Enabling this should be done with care and the -> user is advised to add additional authentication/authorization via a proxy to -> ensure only clients authorized to perform these actions can do so. - -```yaml mdox-exec="cat example/user-guides/getting-started/prometheus-admin-api.yaml" -apiVersion: monitoring.coreos.com/v1 -kind: Prometheus -metadata: - name: prometheus -spec: - serviceAccountName: prometheus - serviceMonitorSelector: - matchLabels: - team: frontend - resources: - requests: - memory: 400Mi - enableAdminAPI: true -``` +## What's Next -Next: +{{< +link-card title="ServiceMonitor" href="https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.ServiceMonitor" description="Check out the specifications to learn more about ServiceMonitor">}} -* [Alerting]({{< ref "alerting" >}}) describes using the Prometheus Operator to manage Alertmanager clusters. +{{< +link-card title="PodMonitor" href="https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PodMonitor" description="Check out the specifications to learn more about PodMonitor">}} diff --git a/Documentation/user-guides/prometheus-agent.md b/Documentation/user-guides/prometheus-agent.md index c5b15ab007c..e58104cb67e 100644 --- a/Documentation/user-guides/prometheus-agent.md +++ b/Documentation/user-guides/prometheus-agent.md @@ -1,5 +1,5 @@ --- -weight: 153 +weight: 203 toc: true title: Prometheus Agent menu: @@ -26,7 +26,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator rules: - apiGroups: @@ -77,7 +77,6 @@ rules: resources: - services - services/finalizers - - endpoints verbs: - get - create @@ -119,6 +118,15 @@ rules: - storageclasses verbs: - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update + - delete ``` Similarly to Prometheus, Prometheus Agent will also require permission to scrape targets. Because of this, we will create a new service account for the Agent with the necessary permissions to scrape targets. @@ -187,4 +195,4 @@ spec: team: frontend ``` -Continue with the [Getting Started page]({{}}) to learn how to monitor applications running on Kubernetes. +Continue with the [Getting Started page]({{}}) to learn how to monitor applications running on Kubernetes. diff --git a/Documentation/user-guides/scrapeconfig.md b/Documentation/user-guides/scrapeconfig.md index 709c91f0196..4ab1fc3a17b 100644 --- a/Documentation/user-guides/scrapeconfig.md +++ b/Documentation/user-guides/scrapeconfig.md @@ -1,5 +1,5 @@ --- -weight: 154 +weight: 253 toc: true title: ScrapeConfig CRD menu: @@ -43,7 +43,7 @@ to generate scrape configurations. * `kubernetes_sd` * `consul_sd` -The following examples are basic and don't cover all the supported service discovery mechanisms. The CRD is constantly evolving, adding new features and support for new Service Discoveries. Check the [API documentation](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1alpha1.ScrapeConfig) to see all supported fields. +The following examples are basic and don't cover all the supported service discovery mechanisms. The CRD is constantly evolving, adding new features and support for new Service Discoveries. Check the [API documentation](https://prometheus-operator.dev/docs/developer/scrapeconfig/) to see all supported fields. If you have an interest in another service discovery mechanism or you see something missing in the implementation, please [open an issue](https://github.com/prometheus-operator/prometheus-operator/issues). diff --git a/Documentation/user-guides/storage.md b/Documentation/user-guides/storage.md index e6b0c11f43a..6918e4f45da 100644 --- a/Documentation/user-guides/storage.md +++ b/Documentation/user-guides/storage.md @@ -1,5 +1,5 @@ --- -weight: 206 +weight: 208 toc: true title: Storage menu: diff --git a/Documentation/user-guides/strategic-merge-patch.md b/Documentation/user-guides/strategic-merge-patch.md index 33688287206..0c9dbfb4a88 100644 --- a/Documentation/user-guides/strategic-merge-patch.md +++ b/Documentation/user-guides/strategic-merge-patch.md @@ -1,5 +1,5 @@ --- -weight: 207 +weight: 209 toc: true title: Strategic Merge Patch menu: diff --git a/Documentation/user-guides/webhook.md b/Documentation/user-guides/webhook.md index df9c0b4ef92..5b4bb918e11 100644 --- a/Documentation/user-guides/webhook.md +++ b/Documentation/user-guides/webhook.md @@ -1,5 +1,5 @@ --- -weight: 155 +weight: 202 toc: true title: Admission webhook menu: @@ -21,7 +21,7 @@ The admission webhook service is able to * Convert `AlertmanagerConfig` objects between `v1alpha1` and `v1beta1` versions. This guide assumes that you have already [deployed the Prometheus -Operator]({{< ref "getting-started" >}}) and that [admission controllers are +Operator]({{< ref "docs/developer/getting-started.md" >}}) and that [admission controllers are enabled](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#how-do-i-turn-on-an-admission-controller) on your cluster. @@ -86,7 +86,7 @@ kind: ServiceAccount metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default ``` @@ -97,7 +97,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: @@ -114,7 +114,7 @@ spec: kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 spec: affinity: podAntiAffinity: @@ -131,7 +131,7 @@ spec: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - image: quay.io/prometheus-operator/admission-webhook:v0.75.1 + image: quay.io/prometheus-operator/admission-webhook:v0.78.2 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 @@ -179,7 +179,7 @@ kind: Service metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.1 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: diff --git a/LICENSE b/LICENSE index e06d2081865..74e6ec69639 100644 --- a/LICENSE +++ b/LICENSE @@ -176,7 +176,7 @@ Apache License END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. - + To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "{}" replaced with your own identifying information. (Don't include @@ -199,4 +199,3 @@ Apache License WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - diff --git a/MAINTAINERS.md b/MAINTAINERS.md index ed61f768984..311813933cf 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -7,7 +7,7 @@ | Paweł Krupa | paulfantom@gmail.com | `@paulfantom` | [@paulfantom](https://github.com/paulfantom) | AVSystem | | Simon Pasquier | pasquier.simon@gmail.com | `@SimonPasquier` | [@simonpasquier](https://github.com/simonpasquier) | Red Hat | | Kemal Akkoyun | kakkoyun@gmail.com | `@kakkoyun` | [@kakkoyun](https://github.com/kakkoyun) | Fal | -| Arthur Silva Sens | arthursens2005@gmail.com | `@Arthur Silva Sens` | [@ArthurSens](https://github.com/ArthurSens) | Coralogix | +| Arthur Silva Sens | arthursens2005@gmail.com | `@Arthur Silva Sens` | [@ArthurSens](https://github.com/ArthurSens) | Grafana | | Filip Petkovski | filip.petkovsky@gmail.com | `@fpetkovski` | [@fpetkovski](https://github.com/fpetkovski) | Red Hat | | Philip Gough | philip.p.gough@gmail.com | `@pgough` | [@PhilipGough](https://github.com/PhilipGough) | Red Hat | | Guillaume Hérail | github@xiu.io | `@xiu` | [@xiu](https://github.com/xiu) | Sony Interactive Entertainment | diff --git a/Makefile b/Makefile index 591b6bc3820..1add2e3d139 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,11 @@ ifeq ($(GOARCH),arm) else ARCH=$(GOARCH) endif +# TODO remove GODEBUG=gotypesalias=0 +# fixed: https://tip.golang.org/doc/go1.23#gotypespkggotypes +GODEBUG := gotypesalias=0 + +CONTAINER_CLI ?= docker CONTAINER_CLI ?= docker @@ -16,6 +21,11 @@ IMAGE_RELOADER?=quay.io/prometheus-operator/prometheus-config-reloader IMAGE_WEBHOOK?=quay.io/prometheus-operator/admission-webhook TAG?=$(shell git rev-parse --short HEAD) VERSION?=$(shell cat VERSION | tr -d " \t\n\r") +GO_VERSION?=$(shell grep golang-version .github/env | sed "s/golang-version=//") + +CRD_OPTIONS ?= "crd:crdVersions=v1" + +KIND_CONTEXT ?= e2e KIND_CONTEXT ?= e2e @@ -47,7 +57,6 @@ MDOX_BINARY=$(TOOLS_BIN_DIR)/mdox API_DOC_GEN_BINARY=$(TOOLS_BIN_DIR)/gen-crd-api-reference-docs TOOLING=$(CONTROLLER_GEN_BINARY) $(GOBINDATA_BINARY) $(JB_BINARY) $(GOJSONTOYAML_BINARY) $(JSONNET_BINARY) $(JSONNETFMT_BINARY) $(SHELLCHECK_BINARY) $(PROMLINTER_BINARY) $(GOLANGCILINTER_BINARY) $(MDOX_BINARY) $(API_DOC_GEN_BINARY) - K8S_GEN_BINARIES:=informer-gen lister-gen client-gen applyconfiguration-gen K8S_GEN_ARGS:=--go-header-file $(shell pwd)/.header --v=1 --logtostderr @@ -68,6 +77,7 @@ else BUILD_BRANCH=$(GITHUB_REF:refs/heads/%=%) BUILD_REVISION=$(GITHUB_SHA) endif +GITHUB_TOKEN?= # The Prometheus common library import path PROMETHEUS_COMMON_PKG=github.com/prometheus/common @@ -133,14 +143,14 @@ k8s-client-gen: $(K8S_GEN_DEPS) rm -rf pkg/client/{versioned,informers,listers,applyconfiguration} @echo ">> generating pkg/client/applyconfiguration..." - $(APPLYCONFIGURATION_GEN_BINARY) \ + GODEBUG=$(GODEBUG) $(APPLYCONFIGURATION_GEN_BINARY) \ $(K8S_GEN_ARGS) \ --output-pkg "$(GO_PKG)/pkg/client/applyconfiguration" \ --output-dir "pkg/client/applyconfiguration" \ "$(GO_PKG)/pkg/apis/monitoring/v1" "$(GO_PKG)/pkg/apis/monitoring/v1alpha1" "$(GO_PKG)/pkg/apis/monitoring/v1beta1" @echo ">> generating pkg/client/versioned..." - $(CLIENT_GEN_BINARY) \ + GODEBUG=$(GODEBUG) $(CLIENT_GEN_BINARY) \ $(K8S_GEN_ARGS) \ --apply-configuration-package "$(GO_PKG)/pkg/client/applyconfiguration" \ --input-base "$(GO_PKG)/pkg/apis" \ @@ -152,14 +162,14 @@ k8s-client-gen: $(K8S_GEN_DEPS) --input monitoring/v1alpha1 @echo ">> generating pkg/client/listers..." - $(LISTER_GEN_BINARY) \ + GODEBUG=$(GODEBUG) $(LISTER_GEN_BINARY) \ $(K8S_GEN_ARGS) \ --output-pkg "$(GO_PKG)/pkg/client/listers" \ --output-dir "pkg/client/listers" \ "$(GO_PKG)/pkg/apis/monitoring/v1" "$(GO_PKG)/pkg/apis/monitoring/v1alpha1" "$(GO_PKG)/pkg/apis/monitoring/v1beta1" @echo ">> generating pkg/client/informers..." - $(INFORMER_GEN_BINARY) \ + GODEBUG=$(GODEBUG) $(INFORMER_GEN_BINARY) \ $(K8S_GEN_ARGS) \ --versioned-clientset-package "$(GO_PKG)/pkg/client/versioned" \ --listers-package "$(GO_PKG)/pkg/client/listers" \ @@ -170,29 +180,38 @@ k8s-client-gen: $(K8S_GEN_DEPS) .PHONY: k8s-gen k8s-gen: $(DEEPCOPY_TARGETS) k8s-client-gen +image-builder-version: .github/env + @echo $(GO_VERSION) + sed -i.bak "s/ARG GOLANG_BUILDER=.*/ARG GOLANG_BUILDER=$(GO_VERSION)/" \ + Dockerfile && rm Dockerfile.bak + sed -i.bak "s/ARG GOLANG_BUILDER=.*/ARG GOLANG_BUILDER=$(GO_VERSION)/" \ + cmd/prometheus-config-reloader/Dockerfile && rm cmd/prometheus-config-reloader/Dockerfile.bak + sed -i.bak "s/ARG GOLANG_BUILDER=.*/ARG GOLANG_BUILDER=$(GO_VERSION)/" \ + cmd/admission-webhook/Dockerfile && rm cmd/admission-webhook/Dockerfile.bak + .PHONY: image image: GOOS := linux # Overriding GOOS value for docker image build image: .hack-operator-image .hack-prometheus-config-reloader-image .hack-admission-webhook-image -.hack-operator-image: Dockerfile operator +.hack-operator-image: Dockerfile # Create empty target file, for the sole purpose of recording when this target # was last executed via the last-modification timestamp on the file. See # https://www.gnu.org/software/make/manual/make.html#Empty-Targets - $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg OS=$(GOOS) -t $(IMAGE_OPERATOR):$(TAG) . + $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg GOARCH=$(GOARCH) --build-arg OS=$(GOOS) -t $(IMAGE_OPERATOR):$(TAG) . touch $@ -.hack-prometheus-config-reloader-image: cmd/prometheus-config-reloader/Dockerfile prometheus-config-reloader +.hack-prometheus-config-reloader-image: cmd/prometheus-config-reloader/Dockerfile # Create empty target file, for the sole purpose of recording when this target # was last executed via the last-modification timestamp on the file. See # https://www.gnu.org/software/make/manual/make.html#Empty-Targets - $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg OS=$(GOOS) -t $(IMAGE_RELOADER):$(TAG) -f cmd/prometheus-config-reloader/Dockerfile . + $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg GOARCH=$(GOARCH) --build-arg OS=$(GOOS) -t $(IMAGE_RELOADER):$(TAG) -f cmd/prometheus-config-reloader/Dockerfile . touch $@ -.hack-admission-webhook-image: cmd/admission-webhook/Dockerfile admission-webhook +.hack-admission-webhook-image: cmd/admission-webhook/Dockerfile # Create empty target file, for the sole purpose of recording when this target # was last executed via the last-modification timestamp on the file. See # https://www.gnu.org/software/make/manual/make.html#Empty-Targets - $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg OS=$(GOOS) -t $(IMAGE_WEBHOOK):$(TAG) -f cmd/admission-webhook/Dockerfile . + $(CONTAINER_CLI) build --build-arg ARCH=$(ARCH) --build-arg GOARCH=$(GOARCH) --build-arg OS=$(GOOS) -t $(IMAGE_WEBHOOK):$(TAG) -f cmd/admission-webhook/Dockerfile . touch $@ .PHONY: update-go-deps @@ -216,7 +235,7 @@ tidy: cd scripts && go mod tidy -v -modfile=go.mod -compat=1.18 .PHONY: generate -generate: k8s-gen generate-crds bundle.yaml example/mixin/alerts.yaml example/thanos/thanos.yaml example/admission-webhook example/alertmanager-crd-conversion generate-docs +generate: k8s-gen generate-crds bundle.yaml example/mixin/alerts.yaml example/thanos/thanos.yaml example/admission-webhook example/alertmanager-crd-conversion generate-docs image-builder-version # For now, the v1beta1 CRDs aren't part of the default bundle because they # require to deploy/run the conversion webhook. @@ -225,17 +244,20 @@ generate: k8s-gen generate-crds bundle.yaml example/mixin/alerts.yaml example/th # be used to patch the "default" jsonnet CRD. .PHONY: generate-crds generate-crds: $(CONTROLLER_GEN_BINARY) $(GOJSONTOYAML_BINARY) $(TYPES_V1_TARGET) $(TYPES_V1ALPHA1_TARGET) $(TYPES_V1BETA1_TARGET) - cd pkg/apis/monitoring && $(CONTROLLER_GEN_BINARY) crd:crdVersions=v1 paths=./v1/. paths=./v1alpha1/. output:crd:dir=$(PWD)/example/prometheus-operator-crd/ + cd pkg/apis/monitoring && $(CONTROLLER_GEN_BINARY) $(CRD_OPTIONS) paths=./v1/. paths=./v1alpha1/. output:crd:dir=$(PWD)/example/prometheus-operator-crd/ VERSION=$(VERSION) ./scripts/generate/append-operator-version.sh find example/prometheus-operator-crd/ -name '*.yaml' -print0 | xargs -0 -I{} sh -c '$(GOJSONTOYAML_BINARY) -yamltojson < "$$1" | jq > "$(PWD)/jsonnet/prometheus-operator/$$(basename $$1 | cut -d'_' -f2 | cut -d. -f1)-crd.json"' -- {} - cd pkg/apis/monitoring && $(CONTROLLER_GEN_BINARY) crd:crdVersions=v1 paths=./... output:crd:dir=$(PWD)/example/prometheus-operator-crd-full + cd pkg/apis/monitoring && $(CONTROLLER_GEN_BINARY) $(CRD_OPTIONS) paths=./... output:crd:dir=$(PWD)/example/prometheus-operator-crd-full echo "// Code generated using 'make generate-crds'. DO NOT EDIT." > $(PWD)/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet echo "{spec+: {versions+: $$($(GOJSONTOYAML_BINARY) -yamltojson < example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml | jq '.spec.versions | map(select(.name == "v1beta1"))')}}" | $(JSONNETFMT_BINARY) - >> $(PWD)/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet .PHONY: generate-remote-write-certs generate-remote-write-certs: mkdir -p test/e2e/remote_write_certs && \ - (cd scripts && GOOS=$(OS) GOARCH=$(ARCH) go run -v ./certs/.) + (cd scripts && GOOS=$(OS) GOARCH=$(GOARCH) go run -v ./certs/.) + +.PHONY: generate-docs +generate-docs: $(shell find Documentation -type f) .PHONY: generate-docs generate-docs: $(shell find Documentation -type f) @@ -284,7 +306,7 @@ Documentation/compatibility.md: pkg/operator/defaults.go $(MDOX_BINARY) fmt $@ Documentation/api.md: $(TYPES_V1_TARGET) $(TYPES_V1ALPHA1_TARGET) $(TYPES_V1BETA1_TARGET) - $(API_DOC_GEN_BINARY) -api-dir "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/" -config "$(PWD)/scripts/docs/config.json" -template-dir "$(PWD)/scripts/docs/templates" -out-file "$(PWD)/Documentation/api.md" + GODEBUG=$(GODEBUG) $(API_DOC_GEN_BINARY) -api-dir "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/" -config "$(PWD)/scripts/docs/config.json" -template-dir "$(PWD)/scripts/docs/templates" -out-file "$(PWD)/Documentation/api.md" ############## # Formatting # @@ -327,12 +349,12 @@ MD_FILES_TO_FORMAT=$(filter-out $(FULLY_GENERATED_DOCS), $(shell find Documentat .PHONY: docs docs: $(MDOX_BINARY) @echo ">> formatting and local/remote link check" - $(MDOX_BINARY) fmt --soft-wraps -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT) + GITHUB_TOKEN=$(GITHUB_TOKEN) $(MDOX_BINARY) fmt --soft-wraps -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT) .PHONY: check-docs check-docs: $(MDOX_BINARY) @echo ">> checking formatting and local/remote links" - $(MDOX_BINARY) fmt --soft-wraps --check -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT) + GITHUB_TOKEN=$(GITHUB_TOKEN) $(MDOX_BINARY) fmt --soft-wraps --check -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT) ########### # Testing # @@ -366,37 +388,41 @@ test-e2e: test/instrumented-sample-app/certs/cert.pem test/instrumented-sample-a .PHONY: test-e2e-alertmanager test-e2e-alertmanager: - EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS= EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-prometheus test-e2e-prometheus: - EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS= EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-prometheus-all-namespaces test-e2e-prometheus-all-namespaces: - EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS= EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-thanos-ruler test-e2e-thanos-ruler: - EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS= EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-operator-upgrade test-e2e-operator-upgrade: - EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS= EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-prometheus-upgrade test-e2e-prometheus-upgrade: - EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude $(MAKE) test-e2e + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS=exclude EXCLUDE_PROMETHEUS_UPGRADE_TESTS= $(MAKE) test-e2e + +.PHONY: test-e2e-feature-gates +test-e2e-feature-gates: + EXCLUDE_ALERTMANAGER_TESTS=exclude EXCLUDE_PROMETHEUS_TESTS=exclude EXCLUDE_PROMETHEUS_ALL_NS_TESTS=exclude EXCLUDE_THANOSRULER_TESTS=exclude EXCLUDE_OPERATOR_UPGRADE_TESTS=exclude EXCLUDE_FEATURE_GATED_TESTS= EXCLUDE_PROMETHEUS_UPGRADE_TESTS=exclude $(MAKE) test-e2e .PHONY: test-e2e-images test-e2e-images: image ifeq (podman, $(CONTAINER_CLI)) - podman save --quiet -o tmp/$(IMAGE_OPERATOR).tar -n $(KIND_CONTEXT) $(KIND_CONTEXT) $(IMAGE_OPERATOR):$(TAG) - podman save --quiet -o tmp/$(IMAGE_RELOADER).tar -n $(KIND_CONTEXT) $(IMAGE_RELOADER):$(TAG) - podman save --quiet -o tmp/$(IMAGE_WEBHOOK).tar -n $(KIND_CONTEXT) $(IMAGE_WEBHOOK):$(TAG) - kind load image-archive -n $(KIND_CONTEXT) tmp/$(IMAGE_OPERATOR).tar - kind load image-archive -n $(KIND_CONTEXT) tmp/$(IMAGE_RELOADER).tar - kind load image-archive -n $(KIND_CONTEXT) tmp/$(IMAGE_WEBHOOK).tar + podman save --quiet -o tmp/prometheus-operator.tar $(IMAGE_OPERATOR):$(TAG) + podman save --quiet -o tmp/prometheus-config-reloader.tar $(IMAGE_RELOADER):$(TAG) + podman save --quiet -o tmp/admission-webhook.tar $(IMAGE_WEBHOOK):$(TAG) + kind load image-archive -n $(KIND_CONTEXT) tmp/prometheus-operator.tar + kind load image-archive -n $(KIND_CONTEXT) tmp/prometheus-config-reloader.tar + kind load image-archive -n $(KIND_CONTEXT) tmp/admission-webhook.tar else kind load docker-image -n $(KIND_CONTEXT) $(IMAGE_OPERATOR):$(TAG) kind load docker-image -n $(KIND_CONTEXT) $(IMAGE_RELOADER):$(TAG) diff --git a/README.md b/README.md index 0ea9f70f2b9..ead6e781f7c 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ The operator in itself is considered to be production ready. Please refer to the * `monitoring.coreos.com/v1beta1`: **unstable** CRDs and API, changes can happen but the team is focused on avoiding them. We encourage usage in production for users that accept the risk of breaking changes. * `monitoring.coreos.com/v1alpha1`: **unstable** CRDs and API, changes can happen frequently, and we suggest avoiding its usage on mission-critical environments. -## Prometheus Operator vs. kube-prometheus vs. community helm chart +## Prometheus Operator vs. kube-prometheus vs. community Helm chart ### Prometheus Operator @@ -44,20 +44,18 @@ stack based on Prometheus and the Prometheus Operator. This includes deployment metrics exporters such as the node_exporter for gathering node metrics, scrape target configuration linking Prometheus to various metrics endpoints, and example alerting rules for notification of potential issues in the cluster. -### helm chart +### Helm chart The [prometheus-community/kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) -helm chart provides a similar feature set to kube-prometheus. This chart is maintained by the Prometheus community. +Helm chart provides a similar feature set to kube-prometheus. This chart is maintained by the Prometheus community. For more information, please see the [chart's readme](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#kube-prometheus-stack) ## Prerequisites -Version `>=0.39.0` of the Prometheus Operator requires a Kubernetes -cluster of version `>=1.16.0`. If you are just starting out with the -Prometheus Operator, it is highly recommended to use the latest version. - -If you have an older version of Kubernetes and the Prometheus Operator running, -we recommend upgrading Kubernetes first and then the Prometheus Operator. +The Prometheus Operator requires at least Kubernetes version `1.16.0`. If you +are just starting out with the Prometheus Operator, it is highly recommended to +use the latest [stable +release](https://github.com/prometheus-operator/prometheus-operator/releases/latest). ## CustomResourceDefinitions @@ -95,7 +93,7 @@ The Prometheus operator automatically detects changes in the Kubernetes API serv matching deployments and configurations are kept in sync. To learn more about the CRDs introduced by the Prometheus Operator have a look -at the [design](https://prometheus-operator.dev/docs/operator/design/) page. +at the [design](https://prometheus-operator.dev/docs/getting-started/design/) page. ## Dynamic Admission Control @@ -103,7 +101,7 @@ To prevent invalid Prometheus alerting and recording rules from causing failures an [admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) is provided to validate `PrometheusRule` resources upon initial creation or update. -For more information on this feature, see the [user guide](https://prometheus-operator.dev/docs/user-guides/webhook/). +For more information on this feature, see the [user guide](https://prometheus-operator.dev/docs/platform/webhook/). ## Quickstart @@ -111,12 +109,18 @@ For more information on this feature, see the [user guide](https://prometheus-op see the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project. If you want the whole stack, but have already applied the `bundle.yaml`, delete the bundle first (`kubectl delete -f bundle.yaml`). -To quickly try out *just* the Prometheus Operator inside a cluster, **choose a release** and run the following command: +To quickly try out *just* the Prometheus Operator inside a cluster, **choose a release** and run the following command which deploys the operator in the `default` namespace: ```sh kubectl create -f bundle.yaml ``` +If you want to deploy the Prometheus operator in a different namespace, you also need `kustomize`: + +```sh +NAMESPACE=my_namespace kustomize edit set namespace $NAMESPACE && kubectl create -k . +``` + > Note: make sure to adapt the namespace in the ClusterRoleBinding if deploying in a namespace other than the default namespace. To run the Operator outside of a cluster: @@ -156,7 +160,9 @@ kubectl delete --ignore-not-found customresourcedefinitions \ servicemonitors.monitoring.coreos.com \ podmonitors.monitoring.coreos.com \ alertmanagers.monitoring.coreos.com \ - prometheusrules.monitoring.coreos.com + prometheusrules.monitoring.coreos.com \ + alertmanagerconfigs.monitoring.coreos.com \ + scrapeconfigs.monitoring.coreos.com ``` ## Testing diff --git a/RELEASE.md b/RELEASE.md index ad783e78cc3..e7218aadc42 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,3 +1,15 @@ +--- +weight: 506 +toc: true +title: Release +menu: + docs: + parent: community +lead: "" +images: [] +draft: false +--- + # Release schedule Following [Prometheus](https://github.com/prometheus/prometheus/blob/main/RELEASE.md) and [Thanos](https://github.com/thanos-io/thanos/blob/main/docs/release-process.md), this project aims for a predictable release schedule. @@ -6,8 +18,10 @@ The release cycle for cutting releases is every 6 weeks | Release | Date of release (year-month-day) | Release shepherd | |---------|----------------------------------|-------------------------------------------| -| v0.78 | 2024-10-30 | **searching for volunteer** | -| v0.77 | 2024-09-18 | **searching for volunteer** | +| v0.80 | 2025-01-22 | **searching for volunteer** | +| v0.79 | 2024-12-11 | **searching for volunteer** | +| v0.78 | 2024-10-30 | Simon Pasquier (GitHub: @simonpasquier) | +| v0.77 | 2024-09-18 | Jayapriya Pai (Github: @slashpai) | | v0.76 | 2024-08-07 | Nicolas Takashi (Github: @nicolastakashi) | | v0.75 | 2024-06-26 | Jayapriya Pai (Github: @slashpai) | | v0.74 | 2024-05-15 | Simon Pasquier (GitHub: @simonpasquier) | diff --git a/TESTING.md b/TESTING.md index 895982bb67c..ee6bbe326b7 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1,3 +1,15 @@ +--- +weight: 502 +toc: true +title: Testing +menu: + docs: + parent: community +lead: "" +images: [] +draft: false +--- + When contributing code to Prometheus-Operator, you'll notice that every Pull Request will run against an extensive test suite. Among an extensive list of benefits that tests brings to the Project's overall health and reliability, it can be the reviewer's and contributors's best friend during development: * Test cases serve as documentation, providing insights into the expected behavior of the software. @@ -62,7 +74,7 @@ To run e2e-tests locally, first start a Kubernetes cluster. We recommend [KinD]( For manual testing, you can use the utility script [scripts/run-external.sh](scripts/run-external.sh), it will check all the requirements and run your local version of the Prometheus Operator on your Kind cluster: -``` +```shell ./scripts/run-external.sh -c ``` @@ -73,7 +85,7 @@ For manual testing, you can use the utility script [scripts/run-external.sh](scr Before running automated end-to-end tests, you need run the following command to make images and load it in your local cluster: ```shell -KIND_CONTEXT=e2e make test-e2e-image +KIND_CONTEXT=e2e make test-e2e-images ``` #### Using podman with Kind @@ -87,14 +99,14 @@ podman machine init --cpus=4 --memory=8192 --rootful --now Before running automated end-to-end tests, you need run the following command to make images and load it in your local cluster: ```shell -CONTAINER_CLI=podman KIND_CONTEXT=e2e make test-e2e-image +CONTAINER_CLI=podman KIND_CONTEXT=e2e make test-e2e-images ``` ### Running the automated E2E Tests To run the automated end-to-end tests, run the following command: -``` +```shell make test-e2e ``` @@ -116,6 +128,7 @@ The following Makefile targets can run specific end-to-end tests: * `make test-e2e-prometheus-all-namespaces` - Will run regular Prometheus tests. * `make test-e2e-operator-upgrade` - Will validate that a monitoring stack managed by the previous version of Prometheus-Operator will continue to work after an upgrade to the current version. * `make test-e2e-prometheus-upgrade` - Will validate that a series of Prometheus versions can be sequentially upgraded. +* `make test-e2e-feature-gates` - Will validate the features behind a gate. ### Running only one end-to-end test diff --git a/VERSION b/VERSION index be0e1ece7f5..e11834a10db 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.75.2 +0.78.2 diff --git a/bundle.yaml b/bundle.yaml index 49c3132230f..9cf6ddbd90d 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45,9 +45,12 @@ spec: type: object spec: description: |- - AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. - By definition, the Alertmanager configuration only applies to alerts for which - the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + AlertmanagerConfigSpec is a specification of the desired behavior of the + Alertmanager configuration. + By default, the Alertmanager configuration only applies to alerts for which + the `namespace` label is equal to the namespace of the AlertmanagerConfig + resource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the + Alertmanager CRD). properties: inhibitRules: description: |- @@ -212,6 +215,8 @@ spec: type: array type: object type: array + required: + - name type: object type: array receivers: @@ -243,9 +248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -279,9 +282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -295,10 +296,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -323,9 +322,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -351,9 +348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -382,9 +377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -398,6 +391,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -421,9 +422,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -449,9 +448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -478,9 +475,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -497,12 +492,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -513,8 +734,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -537,9 +807,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -565,9 +833,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -596,9 +862,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -624,9 +888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -655,9 +917,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -667,6 +927,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -711,9 +993,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -740,9 +1020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -819,9 +1097,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -846,9 +1122,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -877,9 +1151,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -904,9 +1176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -935,9 +1205,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -947,6 +1215,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -989,9 +1279,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1005,10 +1293,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1033,9 +1319,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1061,9 +1345,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1092,9 +1374,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1108,6 +1388,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1131,9 +1419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1159,9 +1445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1188,9 +1472,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1207,12 +1489,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1223,8 +1731,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1247,9 +1804,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1275,9 +1830,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1306,9 +1859,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1334,9 +1885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1365,9 +1914,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1377,6 +1924,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -1411,9 +1980,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1460,9 +2027,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1524,9 +2089,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1540,10 +2103,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1568,9 +2129,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1596,9 +2155,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1627,9 +2184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1643,6 +2198,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1666,9 +2229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1694,9 +2255,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1723,9 +2282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1742,12 +2299,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1758,8 +2541,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1782,9 +2614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1810,9 +2640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1841,9 +2669,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1869,9 +2695,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1900,9 +2724,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1912,6 +2734,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2037,9 +2881,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2053,10 +2895,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2081,9 +2921,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2109,9 +2947,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2140,9 +2976,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2156,6 +2990,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2179,9 +3021,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2207,9 +3047,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2236,9 +3074,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2255,12 +3091,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2271,8 +3333,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2295,9 +3406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2323,9 +3432,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2354,9 +3461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2382,9 +3487,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2413,9 +3516,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2425,6 +3526,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2486,9 +3609,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2520,9 +3641,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2588,9 +3707,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2604,10 +3721,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2632,9 +3747,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2660,9 +3773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2691,9 +3802,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2707,6 +3816,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2730,9 +3847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2758,9 +3873,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2787,9 +3900,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2806,12 +3917,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2822,8 +4159,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2846,9 +4232,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2874,9 +4258,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2905,9 +4287,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2933,9 +4313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2964,9 +4342,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2976,6 +4352,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3023,9 +4421,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3071,9 +4467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3164,9 +4558,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3235,9 +4627,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3251,10 +4641,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3279,9 +4667,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3307,9 +4693,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3338,9 +4722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3354,6 +4736,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3377,9 +4767,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3405,9 +4793,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3434,9 +4820,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3453,12 +4837,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3469,8 +5079,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3493,9 +5152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3521,9 +5178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3552,9 +5207,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3580,9 +5233,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3611,9 +5262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3623,6 +5272,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3701,9 +5372,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3717,10 +5386,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3745,9 +5412,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3773,9 +5438,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3804,9 +5467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3820,6 +5481,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3843,9 +5512,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3871,9 +5538,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3900,9 +5565,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3919,12 +5582,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3935,8 +5824,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3959,9 +5897,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3987,9 +5923,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4018,9 +5952,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4046,9 +5978,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4077,9 +6007,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4089,6 +6017,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4126,9 +6076,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4166,9 +6114,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4213,7 +6159,6 @@ spec: The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. properties: key: @@ -4227,9 +6172,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4244,7 +6187,6 @@ spec: File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. type: string chatID: @@ -4278,9 +6220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4294,10 +6234,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4322,9 +6260,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4350,9 +6286,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4381,9 +6315,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4397,6 +6329,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4420,9 +6360,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4448,9 +6386,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4477,9 +6413,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4496,12 +6430,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4512,8 +6672,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -4536,9 +6745,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4564,9 +6771,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4595,9 +6800,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4623,9 +6826,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4654,9 +6855,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4666,6 +6865,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4685,6 +6906,8 @@ spec: sendResolved: description: Whether to notify about resolved alerts. type: boolean + required: + - chatID type: object type: array victoropsConfigs: @@ -4711,9 +6934,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4770,9 +6991,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4786,10 +7005,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4814,9 +7031,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4842,9 +7057,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4873,9 +7086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4889,6 +7100,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4912,9 +7131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4940,9 +7157,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4969,9 +7184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4988,12 +7201,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5004,8 +7443,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5028,9 +7516,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5056,9 +7542,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5087,9 +7571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5115,9 +7597,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5146,9 +7626,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5158,6 +7636,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5223,9 +7723,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5239,10 +7737,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5267,9 +7763,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5295,9 +7789,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5326,9 +7818,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5342,6 +7832,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5365,9 +7863,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5393,9 +7889,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5422,9 +7916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5441,12 +7933,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5457,8 +8175,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5481,9 +8248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5509,9 +8274,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5540,9 +8303,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5568,9 +8329,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5599,9 +8358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5611,6 +8368,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5663,9 +8442,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5679,10 +8456,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5707,9 +8482,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5735,9 +8508,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5766,9 +8537,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5782,6 +8551,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5805,9 +8582,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5833,9 +8608,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5862,9 +8635,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5881,12 +8652,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5897,8 +8894,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5921,9 +8967,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5949,9 +8993,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5980,9 +9022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6008,9 +9048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6039,9 +9077,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6051,6 +9087,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -6090,9 +9148,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6130,9 +9186,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6172,9 +9226,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6188,10 +9240,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6216,9 +9266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6244,9 +9292,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6275,9 +9321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -6291,6 +9335,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -6314,9 +9366,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6342,9 +9392,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6371,9 +9419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6390,12 +9436,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -6406,8 +9678,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -6430,9 +9751,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6458,9 +9777,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6489,9 +9806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6517,9 +9832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6548,9 +9861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6560,6 +9871,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -6702,8 +10035,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -6748,7 +10081,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. + description: |- + The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. + + For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. + + The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. properties: apiVersion: description: |- @@ -7062,7 +10400,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7077,7 +10415,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7243,7 +10581,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7258,7 +10596,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7421,7 +10759,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7436,7 +10774,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7602,7 +10940,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7617,7 +10955,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -7700,15 +11038,17 @@ spec: type: object alertmanagerConfigMatcherStrategy: description: |- - The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. - In the future more options may be added. + AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + process incoming alerts. properties: type: default: OnNamespace description: |- - If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. - `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. - Default is `OnNamespace`. + AlertmanagerConfigMatcherStrategyType defines the strategy used by + AlertmanagerConfig objects to match alerts in the routes and inhibition + rules. + + The default value is `OnNamespace`. enum: - OnNamespace - None @@ -7813,10 +11153,8 @@ spec: description: |- alertmanagerConfiguration specifies the configuration of Alertmanager. - If defined, it takes precedence over the `configSecret` field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -7847,9 +11185,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7863,10 +11199,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -7891,9 +11225,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7919,9 +11251,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7950,9 +11280,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7966,6 +11294,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -7989,9 +11325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8016,9 +11350,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8045,9 +11377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8064,61 +11394,19 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used - for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch - the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. properties: key: description: The key of the secret to select @@ -8131,9 +11419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8143,40 +11429,152 @@ spec: - key type: object x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object - cert: - description: Client certificate to present when doing - client-authentication. + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used + for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. properties: - configMap: - description: ConfigMap containing data to use - for the targets. + ca: + description: Certificate authority used when verifying + server certificates. properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. properties: key: description: The key of the secret to select @@ -8189,9 +11587,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8201,13 +11597,48 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the + targets. + type: string type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file - for the targets. + tokenUrl: + description: '`tokenURL` configures the URL to fetch + the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a + Secret. properties: key: description: The key of the secret to select from. Must @@ -8220,9 +11651,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8232,6 +11661,186 @@ spec: - key type: object x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -8251,9 +11860,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8277,9 +11884,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8313,9 +11918,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8345,9 +11948,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8371,9 +11972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8446,9 +12045,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -8472,9 +12069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8535,13 +12130,11 @@ spec: Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. - The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. - If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications). @@ -8629,9 +12222,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -8697,9 +12288,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8739,9 +12328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -8763,9 +12350,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -9050,11 +12635,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -9262,11 +12847,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -9414,11 +12999,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -9429,6 +13012,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -9552,7 +13141,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -9634,7 +13223,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -9715,11 +13303,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -9933,10 +13521,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -9944,11 +13530,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -9982,6 +13566,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. @@ -9989,7 +13627,6 @@ spec: scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - It requires Alertmanager >= 0.27.0. items: type: string @@ -10062,9 +13699,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10153,9 +13788,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -10221,9 +13854,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -10263,9 +13894,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -10287,9 +13916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -10574,11 +14201,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -10786,11 +14413,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -10938,11 +14565,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -10953,6 +14578,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11076,7 +14707,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -11158,7 +14789,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -11239,11 +14869,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -11457,10 +15087,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -11468,11 +15096,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -11550,7 +15176,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. - The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. @@ -11611,11 +15236,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -11626,6 +15249,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11715,12 +15344,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -11807,7 +15434,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -11817,18 +15443,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -11947,7 +15583,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -11957,11 +15592,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -12164,7 +15797,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -12420,7 +16053,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -12458,8 +16091,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -12478,12 +16111,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -12503,21 +16136,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -12562,8 +16195,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -12577,13 +16218,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -12724,7 +16365,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -12764,7 +16404,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -12782,7 +16421,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -12794,7 +16432,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -12877,10 +16514,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -12888,11 +16523,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -12933,7 +16566,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -12973,6 +16605,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -12985,6 +16618,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -13052,9 +16686,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -13096,9 +16728,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -13170,9 +16800,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -13211,9 +16839,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -13350,7 +16976,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -13361,17 +16986,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -13385,7 +17007,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -13395,11 +17016,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -13602,7 +17221,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -13628,7 +17247,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -13696,9 +17314,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -13732,7 +17348,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -13813,9 +17428,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -13832,6 +17444,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -13852,7 +17499,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -13864,6 +17510,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -13896,9 +17543,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -14015,24 +17660,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -14166,9 +17811,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -14306,9 +17949,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -14398,7 +18039,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -14406,6 +18046,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -14420,6 +18061,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -14445,13 +18087,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -14466,6 +18107,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -14497,9 +18139,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -14508,6 +18148,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -14621,9 +18262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -14759,9 +18398,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -14785,9 +18422,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -14798,6 +18433,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -14824,9 +18464,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -14850,9 +18488,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -14869,6 +18505,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -14877,6 +18518,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -14891,9 +18537,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -14918,9 +18562,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -14990,6 +18631,10 @@ spec: object (their labels match the selector). format: int32 type: integer + selector: + description: The selector used to match the pods targeted by this + Alertmanager object. + type: string unavailableReplicas: description: Total number of unavailable pods targeted by this Alertmanager object. @@ -15014,6 +18659,10 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas status: {} --- --- @@ -15021,8 +18670,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -15040,7 +18689,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. + description: |- + The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. + Among other things, it allows to specify: + * The pods to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -15068,13 +18725,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - - It requires Prometheus >= v2.37.0. + It requires Prometheus >= v2.35.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -15082,7 +18741,6 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string @@ -15092,12 +18750,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `/`). type: string @@ -15106,7 +18762,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -15114,7 +18769,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -15122,7 +18776,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -15130,14 +18783,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Pods` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -15150,8 +18802,25 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podMetricsEndpoints: - description: List of endpoints part of this PodMonitor. + description: Defines how to scrape metrics from the selected pods. items: description: |- PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -15162,7 +18831,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -15180,9 +18848,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15196,10 +18862,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -15208,7 +18872,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -15227,9 +18890,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15255,9 +18916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15274,7 +18933,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -15288,9 +18946,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15309,10 +18965,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -15334,7 +18988,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -15347,7 +19000,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -15355,11 +19007,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -15389,7 +19039,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -15402,7 +19051,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -15425,11 +19073,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -15438,10 +19084,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -15463,9 +19107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -15489,9 +19131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -15518,9 +19158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15537,12 +19175,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -15564,14 +19422,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Pod port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -15584,20 +19440,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -15605,11 +19457,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -15639,7 +19489,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -15652,7 +19501,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -15675,11 +19523,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -15688,11 +19534,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -15702,7 +19546,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -15715,7 +19558,6 @@ spec: Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. - Deprecated: use 'port' instead. x-kubernetes-int-or-string: true tlsConfig: @@ -15739,9 +19581,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -15765,9 +19605,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -15795,9 +19633,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -15821,9 +19657,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -15852,9 +19686,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -15864,6 +19696,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -15874,7 +19728,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -15896,15 +19749,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -15923,7 +19779,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Pod` objects. + description: Label selector to select the Kubernetes `Pod` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -15988,8 +19845,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -16007,7 +19864,14 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. + description: |- + The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). + + The `Probe` resource needs 2 pieces of information: + * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. + * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. + + `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -16048,9 +19912,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -16064,10 +19926,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -16092,9 +19952,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -16120,9 +19978,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -16150,9 +20006,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -16175,7 +20029,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -16204,7 +20057,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -16212,11 +20064,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -16246,7 +20096,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -16259,7 +20108,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -16281,11 +20129,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -16296,6 +20142,23 @@ spec: Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true oauth2: description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. @@ -16318,9 +20181,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -16344,9 +20205,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -16373,9 +20232,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -16392,12 +20249,228 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -16446,15 +20519,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -16521,7 +20597,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -16529,11 +20604,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -16563,7 +20636,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -16576,7 +20648,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -16599,11 +20670,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -16678,7 +20747,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -16686,11 +20754,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -16720,7 +20786,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -16733,7 +20798,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -16756,11 +20820,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -16792,9 +20854,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -16818,9 +20878,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -16847,9 +20905,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -16873,9 +20929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -16903,9 +20957,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -16915,6 +20967,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -16931,8 +21005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -16977,7 +21051,10 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: PrometheusAgent defines a Prometheus agent deployment. + description: |- + The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. + + The CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar. properties: apiVersion: description: |- @@ -17005,13 +21082,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -17055,9 +21130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -17350,7 +21423,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17365,7 +21438,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17531,7 +21604,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17546,7 +21619,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17709,7 +21782,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17724,7 +21797,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17890,7 +21963,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17905,7 +21978,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17998,7 +22071,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -18017,9 +22089,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -18037,10 +22107,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -18048,7 +22116,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -18068,9 +22135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -18096,9 +22161,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -18114,17 +22177,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -18153,9 +22213,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -18179,9 +22237,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -18213,9 +22269,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -18239,9 +22293,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -18278,9 +22330,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -18290,6 +22340,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -18318,7 +22390,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -18327,7 +22398,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -18350,13 +22420,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -18433,9 +22501,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -18501,9 +22567,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -18543,9 +22607,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -18567,9 +22629,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -18854,11 +22914,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -19066,11 +23126,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -19218,11 +23278,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19233,6 +23291,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -19356,7 +23420,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -19438,7 +23502,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -19519,11 +23582,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -19737,10 +23800,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -19748,11 +23809,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -19786,16 +23845,68 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -19807,14 +23918,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -19824,10 +23933,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -19843,10 +23950,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -19861,10 +23966,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -19879,10 +23982,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -19897,10 +23998,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -19912,16 +24011,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -19934,11 +24030,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -19953,11 +24047,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -19970,7 +24062,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -20051,13 +24142,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -20071,11 +24161,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -20107,9 +24195,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -20125,11 +24211,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -20206,9 +24290,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -20274,9 +24356,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -20316,9 +24396,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -20340,9 +24418,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -20627,222 +24703,222 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string @@ -20991,11 +25067,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -21006,6 +25080,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -21129,7 +25209,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -21211,7 +25291,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -21292,11 +25371,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -21510,10 +25589,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -21521,11 +25598,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -21564,10 +25639,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -21577,7 +25650,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -21587,7 +25659,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -21597,7 +25668,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -21637,7 +25707,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -21647,7 +25716,6 @@ spec: Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect. - (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: - StatefulSet @@ -21658,6 +25726,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -21704,7 +25787,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -21797,7 +25879,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -21920,7 +26001,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -21979,7 +26059,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string reloadStrategy: @@ -22001,10 +26080,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -22022,9 +26099,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22042,10 +26117,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -22053,10 +26126,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -22083,7 +26154,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -22108,9 +26178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22138,7 +26206,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -22153,7 +26220,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -22172,9 +26238,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22200,9 +26264,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22218,14 +26280,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -22235,7 +26295,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -22245,9 +26304,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -22267,7 +26343,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -22276,17 +26351,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -22308,9 +26380,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -22334,9 +26404,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22363,9 +26431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22382,12 +26448,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -22414,9 +26700,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22431,24 +26715,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -22494,7 +26771,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -22512,10 +26788,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -22523,17 +26798,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -22552,9 +26824,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22590,9 +26860,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22624,9 +26892,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -22650,9 +26916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22684,9 +26948,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -22710,9 +26972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22749,9 +27009,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22761,12 +27019,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -22775,7 +27056,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -22783,11 +27063,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -22817,7 +27095,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -22830,7 +27107,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -22853,11 +27129,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -22866,13 +27140,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -22881,7 +27168,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -22894,11 +27180,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -22909,6 +27193,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -22945,7 +27235,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -22956,7 +27245,6 @@ spec: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -22966,36 +27254,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -23003,11 +27301,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -23037,7 +27333,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -23050,7 +27345,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -23073,11 +27367,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -23090,20 +27382,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -23111,11 +27400,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -23145,7 +27432,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -23158,7 +27444,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -23181,11 +27466,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -23196,7 +27479,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -23217,9 +27499,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -23243,9 +27523,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23277,9 +27555,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -23303,9 +27579,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23342,9 +27616,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23354,6 +27626,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -23371,7 +27665,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -23422,7 +27715,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -23432,7 +27724,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -23483,7 +27774,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -23492,10 +27782,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -23527,6 +27815,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -23561,12 +27850,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -23653,7 +27940,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -23663,18 +27949,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -23733,6 +28029,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -23787,7 +28094,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -23845,18 +28151,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -23911,7 +28214,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -23921,11 +28223,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -24128,7 +28428,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -24384,7 +28684,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -24422,8 +28722,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -24442,12 +28742,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -24467,21 +28767,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -24526,8 +28826,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -24541,13 +28849,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -24582,7 +28890,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -24697,7 +29004,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -24737,7 +29043,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -24755,7 +29060,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -24767,7 +29071,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -24815,7 +29118,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -24880,9 +29182,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24906,9 +29206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24940,9 +29238,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24966,9 +29262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25005,9 +29299,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25017,6 +29309,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -25024,12 +29338,31 @@ spec: required: - endpoint type: object + tsdb: + description: |- + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + properties: + outOfOrderTimeWindow: + description: |- + Configures how old an out-of-order/out-of-bounds sample can be with + respect to the TSDB max time. + + An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object version: description: |- Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -25038,7 +29371,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -25072,10 +29404,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -25083,11 +29413,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -25128,7 +29456,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -25168,6 +29495,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -25180,6 +29508,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -25247,9 +29576,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -25291,9 +29618,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -25365,9 +29690,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -25406,9 +29729,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -25545,7 +29866,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -25556,17 +29876,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -25580,7 +29897,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -25590,11 +29906,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -25797,7 +30111,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -25823,7 +30137,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -25891,9 +30204,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -25927,7 +30238,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -26008,9 +30318,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -26027,6 +30334,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -26047,7 +30389,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -26059,6 +30400,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -26091,9 +30433,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -26210,24 +30550,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -26361,9 +30701,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -26501,9 +30839,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -26593,7 +30929,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -26601,6 +30936,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -26615,6 +30951,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -26640,13 +30977,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -26661,6 +30997,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -26692,9 +31029,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -26703,6 +31038,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -26816,9 +31152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -26870,10 +31204,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -26962,9 +31294,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -26988,9 +31318,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27001,6 +31329,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -27027,9 +31360,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -27053,9 +31384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27072,6 +31401,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -27080,6 +31414,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -27094,9 +31433,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27121,9 +31458,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -27276,8 +31610,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27322,7 +31656,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. + description: |- + The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. + + For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. + + The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. + + The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. properties: apiVersion: description: |- @@ -27354,13 +31695,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break @@ -27377,9 +31715,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -27396,13 +31732,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break @@ -27419,9 +31752,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -27434,13 +31765,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -27484,9 +31813,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -27779,7 +32106,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -27794,7 +32121,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -27960,7 +32287,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -27975,7 +32302,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -28138,7 +32465,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -28153,7 +32480,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -28319,7 +32646,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -28334,7 +32661,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -28419,8 +32746,8 @@ spec: description: Defines the settings related to Alertmanager. properties: alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. + description: Alertmanager endpoints where Prometheus should send + alerts to. items: description: |- AlertmanagerEndpoints defines a selection of a single Endpoints object @@ -28435,7 +32762,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -28443,11 +32769,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -28477,7 +32801,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -28490,7 +32813,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -28513,11 +32835,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -28531,7 +32851,6 @@ spec: description: |- Authorization section for Alertmanager. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. properties: credentials: @@ -28549,9 +32868,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -28565,10 +32882,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -28576,7 +32891,6 @@ spec: description: |- BasicAuth configuration for Alertmanager. - Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. properties: password: @@ -28595,9 +32909,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -28623,9 +32935,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -28640,10 +32950,8 @@ spec: description: |- File to read bearer token for Alertmanager. - Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHttp2: @@ -28651,9 +32959,15 @@ spec: type: boolean name: description: Name of the Endpoints object in the namespace. + minLength: 1 type: string namespace: - description: Namespace of the Endpoints object. + description: |- + Namespace of the Endpoints object. + + If not set, the object will be discovered in the namespace of the + Prometheus object. + minLength: 1 type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed @@ -28673,7 +32987,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -28681,11 +32994,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -28715,7 +33026,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -28728,7 +33038,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -28751,11 +33060,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -28767,10 +33074,8 @@ spec: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.48.0. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. properties: accessKey: @@ -28789,9 +33094,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -28829,9 +33132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -28868,9 +33169,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -28895,9 +33194,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -28930,9 +33227,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -28957,9 +33252,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -28996,9 +33289,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -29008,13 +33299,34 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - name - - namespace - port type: object type: array @@ -29026,7 +33338,6 @@ spec: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. - Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. type: boolean apiserverConfig: @@ -29041,7 +33352,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -29060,9 +33370,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -29080,10 +33388,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -29091,7 +33397,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -29111,9 +33416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -29139,9 +33442,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -29157,17 +33458,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -29196,9 +33494,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -29222,9 +33518,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -29256,9 +33550,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -29282,9 +33574,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -29321,9 +33611,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -29333,6 +33621,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -29361,7 +33671,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -29373,7 +33682,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -29396,13 +33704,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -29479,9 +33785,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -29547,9 +33851,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -29589,9 +33891,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -29613,9 +33913,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -29900,11 +34198,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -30112,11 +34410,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -30264,11 +34562,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -30279,6 +34575,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -30402,7 +34704,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -30484,7 +34786,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -30565,11 +34866,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -30783,10 +35084,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -30794,11 +35093,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -30835,17 +35132,69 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. - WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. - For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis type: boolean @@ -30853,12 +35202,10 @@ spec: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -30870,14 +35217,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -30887,10 +35232,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -30906,10 +35249,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -30924,10 +35265,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -30942,10 +35281,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -30960,10 +35297,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -30975,16 +35310,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -30997,11 +35329,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -31016,11 +35346,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -31040,7 +35368,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -31086,11 +35413,9 @@ spec: description: |- Maximum number of exemplars stored in memory for all series. - exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. - If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. format: int64 @@ -31140,13 +35465,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -31160,11 +35484,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -31196,9 +35518,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -31214,11 +35534,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -31295,9 +35613,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -31363,9 +35679,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -31405,9 +35719,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -31429,9 +35741,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -31716,11 +36026,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -31928,11 +36238,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -32080,11 +36390,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -32095,6 +36403,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -32218,7 +36532,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -32300,7 +36614,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -32381,11 +36694,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -32599,10 +36912,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -32610,11 +36921,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -32653,10 +36962,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -32666,7 +36973,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -32676,7 +36982,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -32686,7 +36991,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -32726,7 +37030,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -32736,6 +37039,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -32782,7 +37100,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -32875,7 +37192,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -32998,7 +37314,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -33057,7 +37372,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string prometheusRulesExcludedFromEnforce: @@ -33112,7 +37426,6 @@ spec: description: |- queryLogFile specifies where the file to which PromQL queries are logged. - If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. '/var/log/prometheus/query.log', you @@ -33142,10 +37455,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -33163,9 +37474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33183,10 +37492,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -33194,7 +37501,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -33213,9 +37519,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33241,9 +37545,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33259,28 +37561,24 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read the bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string filterExternalLabels: description: |- Whether to use the external labels as selectors for the remote read endpoint. - It requires Prometheus >= v2.34.0. type: boolean followRedirects: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -33297,7 +37595,6 @@ spec: name is used in metrics and logging in order to differentiate read configurations. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -33306,17 +37603,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -33338,9 +37632,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -33364,9 +37656,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -33393,9 +37683,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33412,104 +37700,22 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - - It requires Prometheus >= v2.43.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - - It requires Prometheus >= v2.43.0. - type: boolean - proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - It requires Prometheus >= v2.43.0. - pattern: ^http(s)?://.+$ - type: string - readRecent: - description: |- - Whether reads should be made for queries for time ranges that - the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - requiredMatchers: - additionalProperties: - type: string - description: |- - An optional list of equality matchers which have to be present - in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLS Config to use for the URL. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key to select. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: default: "" @@ -33518,20 +37724,311 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + readRecent: + description: |- + Whether reads should be made for queries for time ranges that + the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + requiredMatchers: + additionalProperties: + type: string + description: |- + An optional list of equality matchers which have to be present + in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for the URL. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must @@ -33544,9 +38041,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -33578,9 +38073,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -33604,9 +38097,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -33643,9 +38134,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33655,6 +38144,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -33677,10 +38188,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -33698,9 +38207,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33718,10 +38225,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -33729,10 +38234,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -33759,7 +38262,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -33784,9 +38286,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -33814,7 +38314,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -33829,7 +38328,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -33848,9 +38346,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33876,9 +38372,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -33894,14 +38388,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -33911,7 +38403,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -33921,9 +38412,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -33943,7 +38451,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -33952,17 +38459,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -33984,9 +38488,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -34010,9 +38512,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -34039,9 +38539,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -34058,12 +38556,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -34090,9 +38808,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -34107,24 +38823,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -34170,7 +38879,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -34188,10 +38896,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -34199,17 +38906,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -34228,9 +38932,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -34266,9 +38968,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -34300,9 +39000,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -34326,9 +39024,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -34360,9 +39056,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -34386,9 +39080,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -34425,9 +39117,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -34437,12 +39127,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -34451,7 +39164,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -34459,11 +39171,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -34493,7 +39203,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -34506,7 +39215,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -34529,11 +39237,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -34542,13 +39248,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -34557,7 +39276,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -34570,11 +39288,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -34585,6 +39301,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -34621,7 +39343,6 @@ spec: description: |- How long to retain the Prometheus data. - Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -34633,7 +39354,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -34688,6 +39408,12 @@ spec: type: object type: object x-kubernetes-map-type: atomic + ruleQueryOffset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + It requires Prometheus >= v2.53.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string ruleSelector: description: |- PrometheusRule objects to be selected for rule evaluation. An empty @@ -34744,14 +39470,12 @@ spec: description: |- Defines the parameters of the Prometheus rules' engine. - Any update to these parameters trigger a restart of the pods. properties: forGracePeriod: description: |- Minimum duration between alert and restored 'for' state. - This is maintained only for alerts with a configured 'for' time greater than the grace period. type: string @@ -34767,12 +39491,23 @@ spec: type: string type: object type: object + runtime: + description: RuntimeConfig configures the values for the Prometheus + process behavior + properties: + goGC: + description: |- + The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + See: https://tip.golang.org/doc/gc-guide#GOGC + format: int32 + minimum: -1 + type: integer + type: object sampleLimit: description: |- SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -34782,36 +39517,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -34819,11 +39564,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -34853,7 +39596,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -34866,7 +39608,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -34889,11 +39630,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -34906,20 +39645,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -34927,11 +39663,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -34961,7 +39695,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -34974,7 +39707,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -34997,11 +39729,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -35012,7 +39742,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -35033,9 +39762,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -35059,9 +39786,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -35093,9 +39818,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -35119,9 +39842,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -35158,9 +39879,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -35170,6 +39889,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -35187,7 +39928,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -35238,7 +39978,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -35248,7 +39987,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -35299,7 +40037,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -35308,10 +40045,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -35343,6 +40078,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -35377,12 +40113,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -35469,7 +40203,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -35479,18 +40212,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -35549,6 +40292,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -35603,7 +40357,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -35665,18 +40418,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -35731,7 +40481,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -35741,11 +40490,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -35948,7 +40695,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -36204,7 +40951,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -36242,8 +40989,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -36262,12 +41009,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -36287,21 +41034,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -36346,8 +41093,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -36361,13 +41116,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -36406,7 +41161,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -36446,7 +41200,6 @@ spec: BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. - WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value @@ -36468,14 +41221,12 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the gRPC endpoints. - It has no effect if `listenLocal` is true. type: boolean grpcServerTlsConfig: description: |- Configures the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: @@ -36496,9 +41247,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -36522,9 +41271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -36556,9 +41303,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -36582,9 +41327,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -36621,9 +41364,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -36633,6 +41374,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -36642,7 +41405,6 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the HTTP endpoints. - It has no effect if `listenLocal` is true. type: boolean image: @@ -36651,11 +41413,9 @@ spec: the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` fields. - Specifying `spec.thanos.version` is still necessary to ensure the Prometheus Operator knows which version of Thanos is being configured. - If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, the operator will use the latest upstream version of Thanos available at the time when the operator was released. @@ -36691,10 +41451,8 @@ spec: description: |- Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - objectStorageConfigFile takes precedence over this field. properties: key: @@ -36708,9 +41466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -36724,10 +41480,8 @@ spec: description: |- Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - This field takes precedence over objectStorageConfig. type: string readyTimeout: @@ -36745,11 +41499,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -36760,6 +41512,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -36804,13 +41562,10 @@ spec: description: |- Defines the tracing configuration for the Thanos sidecar. - `tracingConfigFile` takes precedence over this field. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -36825,9 +41580,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -36841,13 +41594,10 @@ spec: description: |- Defines the tracing configuration file for the Thanos sidecar. - This field takes precedence over `tracingConfig`. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -36856,7 +41606,6 @@ spec: Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released. @@ -36897,10 +41646,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -36908,11 +41655,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -37043,7 +41788,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -37083,7 +41827,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -37101,7 +41844,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -37113,7 +41855,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -37161,7 +41902,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -37226,9 +41966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -37252,9 +41990,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -37286,9 +42022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -37312,9 +42046,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -37351,9 +42083,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -37363,6 +42093,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -37372,24 +42124,21 @@ spec: type: object tsdb: description: |- - Defines the runtime reloadable configuration of the timeseries database - (TSDB). + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. properties: outOfOrderTimeWindow: description: |- Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. - An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). - This is an *experimental feature*, it may change in any upcoming release in a breaking way. - - It requires Prometheus >= v2.39.0. + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object @@ -37398,7 +42147,6 @@ spec: Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -37407,7 +42155,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -37441,10 +42188,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -37452,11 +42197,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -37497,7 +42240,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -37537,6 +42279,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -37549,6 +42292,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -37616,9 +42360,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -37660,9 +42402,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -37734,9 +42474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -37775,9 +42513,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -37914,7 +42650,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -37925,17 +42660,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -37949,7 +42681,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -37959,11 +42690,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -38166,7 +42895,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -38192,7 +42921,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -38260,9 +42988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -38296,7 +43022,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -38377,9 +43102,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -38396,6 +43118,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -38416,7 +43173,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -38428,6 +43184,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -38460,9 +43217,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -38579,24 +43334,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -38730,9 +43485,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -38870,9 +43623,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -38962,7 +43713,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -38970,6 +43720,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -38984,6 +43735,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -39009,13 +43761,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -39030,6 +43781,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -39061,9 +43813,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -39072,6 +43822,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -39185,9 +43936,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -39239,10 +43988,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -39331,9 +44078,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -39357,9 +44102,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -39370,6 +44113,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -39396,9 +44144,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -39422,9 +44168,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -39441,6 +44185,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -39449,6 +44198,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -39463,9 +44217,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -39490,9 +44242,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -39645,8 +44394,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39664,8 +44413,10 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PrometheusRule defines recording and alerting rules for a Prometheus - instance + description: |- + The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. + + `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -39715,6 +44466,14 @@ spec: More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response pattern: ^(?i)(abort|warn)?$ type: string + query_offset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + + It requires Prometheus >= v2.53.0. + It is not supported for ThanosRuler. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string rules: description: List of alerting and recording rules. items: @@ -39785,8 +44544,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39829,21 +44588,192 @@ spec: description: ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration. properties: - NomadSDConfigs: - description: NomadSDConfigs defines a list of Nomad service discovery + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace that contains + the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureSDConfigs: + description: AzureSDConfigs defines a list of Azure service discovery configurations. items: description: |- - NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config + AzureSDConfig allow retrieving scrape targets from Azure VMs. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config + properties: + authenticationMethod: + description: |- + # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. + See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + SDK authentication method uses environment variables by default. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + enum: + - OAuth + - ManagedIdentity + - SDK + type: string + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. + type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + environment: + description: The Azure environment. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + type: integer + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resourceGroup: + description: Optional resource group name. Limits discovery + to this resource group. + type: string + subscriptionID: + description: The subscription ID. Always required. + minLength: 1 + type: string + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. + type: string + required: + - subscriptionID + type: object + type: array + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. + items: + description: |- + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: allowStale: description: |- - The information to access the Nomad API. It is to be defined - as the Nomad documentation requires. + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. type: boolean authorization: - description: Authorization header to use on every scrape request. + description: Authorization header configuration to authenticate + against the Consul Server. properties: credentials: description: Selects a key of a Secret in the namespace @@ -39860,9 +44790,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -39876,15 +44804,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints properties: password: description: |- @@ -39902,9 +44830,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -39930,9 +44856,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -39943,14 +44867,22 @@ spec: type: object x-kubernetes-map-type: atomic type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean namespace: + description: Namespaces are only supported in Consul Enterprise. type: string noProxy: description: |- @@ -39958,13 +44890,17 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: Node metadata key/value pairs to filter nodes for + a given service. + type: object + x-kubernetes-map-type: atomic oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + description: Optional OAuth 2.0 configuration. properties: clientId: description: |- @@ -39985,9 +44921,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40011,9 +44945,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40040,9 +44972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40059,12 +44989,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -40075,6 +45225,9 @@ spec: - clientSecret - tokenUrl type: object + partition: + description: Admin Partitions are only supported in Consul Enterprise. + type: string proxyConnectHeader: additionalProperties: items: @@ -40091,9 +45244,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40108,42 +45259,58 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: description: |- - Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. - Supported units: y, w, d, h, m, s, ms - Examples: `30s`, `1m`, `1h20m15s`, `15d` + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS type: string server: + description: A valid string consisting of a hostname or IP followed + by an optional port number. minLength: 1 type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: atomic tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. type: string + tags: + description: An optional list of tags used to filter nodes for + a given service. Services must contain all tags in the list. + items: + type: string + type: array + x-kubernetes-list-type: atomic tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS Config properties: ca: description: Certificate authority used when verifying server @@ -40163,9 +45330,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40189,9 +45354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40219,9 +45382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40245,9 +45406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40276,9 +45435,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40288,81 +45445,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server - type: object - type: array - authorization: - description: Authorization header to use on every scrape request. - properties: - credentials: - description: Selects a key of a Secret in the namespace that contains - the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" - type: string - type: object - azureSDConfigs: - description: AzureSDConfigs defines a list of Azure service discovery - configurations. - items: - description: |- - AzureSDConfig allow retrieving scrape targets from Azure VMs. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config - properties: - authenticationMethod: - description: |- - # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. - See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - SDK authentication method uses environment variables by default. - See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication - enum: - - OAuth - - ManagedIdentity - - SDK - type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. properties: key: description: The key of the secret to select from. Must @@ -40375,9 +45486,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40387,111 +45496,23 @@ spec: - key type: object x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string required: - - subscriptionID + - server type: object type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: - description: Authorization header configuration to authenticate - against the Consul Server. + description: |- + Authorization header configuration to authenticate against the DigitalOcean API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -40508,9 +45529,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40524,115 +45543,35 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: description: |- - BasicAuth information to authenticate against the Consul Server. - More info: https://prometheus.io/docs/operating/configuration/#endpoints + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`. properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: + clientId: description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. - type: string - enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. - type: boolean - followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. - type: boolean - namespace: - description: Namespaces are only supported in Consul Enterprise. - type: string - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - - It requires Prometheus >= v2.43.0. - type: string - nodeMeta: - additionalProperties: - type: string - description: Node metadata key/value pairs to filter nodes for - a given service. - type: object - x-kubernetes-map-type: atomic - oauth2: - description: Optional OAuth 2.0 configuration. - properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. properties: configMap: description: ConfigMap containing data to use for the @@ -40648,9 +45587,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40674,9 +45611,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40703,9 +45638,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40722,12 +45655,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -40738,9 +45891,9 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - type: string + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -40757,9 +45910,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40774,65 +45925,25 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS - type: string - server: - description: A valid string consisting of a hostname or IP followed - by an optional port number. - minLength: 1 - type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. - type: string - tags: - description: An optional list of tags used to filter nodes for - a given service. Services must contain all tags in the list. - items: - type: string - type: array - x-kubernetes-list-type: atomic tlsConfig: - description: TLS Config + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -40852,9 +45963,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40878,9 +45987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40908,9 +46015,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -40934,9 +46039,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -40965,9 +46068,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -40977,53 +46078,95 @@ spec: - key type: object x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - server + - names type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. + Authorization header configuration to authenticate against the Docker API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -41041,9 +46184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41057,28 +46198,121 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean + filters: + description: Optional filters to limit the discovery process + to a subset of the available resources. + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + host: + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. + type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -41104,9 +46338,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41130,9 +46362,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41159,9 +46389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41178,19 +46406,239 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId - clientSecret - tokenUrl type: object @@ -41213,9 +46661,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41230,28 +46676,21 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -41275,9 +46714,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41301,9 +46738,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41331,9 +46766,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41357,9 +46790,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41388,9 +46819,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41400,70 +46829,47 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - - When set to NS, It requires Prometheus >= 2.49.0. - enum: - - SRV - - A - - AAAA - - MX - - NS - type: string required: - - names + - host type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the Docker API. - Cannot be set at the same time as `oauth2`. + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: credentials: description: Selects a key of a Secret in the namespace @@ -41480,9 +46886,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41496,15 +46900,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: Optional HTTP basic authentication information. properties: password: description: |- @@ -41522,9 +46924,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41550,9 +46950,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41567,34 +46965,43 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. + description: |- + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: - description: DockerFilter is the configuration to limit the - discovery process to a subset of available resources. + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. properties: name: + description: Name of the Filter. type: string values: + description: Value to filter on. items: + minLength: 1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set required: - name - values type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ type: string noProxy: description: |- @@ -41602,13 +47009,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -41629,9 +47035,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41655,9 +47059,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41684,9 +47086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41703,12 +47103,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -41720,7 +47340,12 @@ spec: - tokenUrl type: object port: - description: The port to scrape metrics from. + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -41738,9 +47363,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41755,32 +47378,34 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: The time after which the service discovery data + is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -41800,9 +47425,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41826,9 +47449,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41856,9 +47477,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -41882,9 +47501,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -41913,9 +47530,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -41925,289 +47540,126 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - host + - role type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. properties: - authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + accessKey: + description: AccessKey is the AWS API key. properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - type: object - basicAuth: - description: Optional HTTP basic authentication information. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: + name: + default: "" description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 type: boolean filters: description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 items: - description: Filter is the configuration to limit the discovery + description: Filter name and value pairs to limit the discovery process to a subset of available resources. properties: name: - description: Name is the key of the field to check against. + description: Name of the Filter. type: string values: - description: Values is the value or set of values to check - for a match. + description: Value to filter on. items: + minLength: 1 type: string minItems: 1 type: array + x-kubernetes-list-type: set required: - name - values type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 type: boolean - host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. - properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object port: description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. format: int32 maximum: 65535 minimum: 0 @@ -42228,9 +47680,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42245,41 +47695,60 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to use on every scrape request + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 properties: ca: description: Certificate authority used when verifying server @@ -42299,9 +47768,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -42325,9 +47792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -42355,9 +47820,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -42381,9 +47844,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -42412,9 +47873,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42424,124 +47883,40 @@ spec: - key type: object x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - - role - type: object - type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. - items: - description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + maxVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - filters: - description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - items: - description: EC2Filter is the configuration for filtering - EC2 instances. - properties: - name: - type: string - values: - items: - type: string - type: array - required: - - name - - values - type: object - type: array - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - region: - description: The AWS region - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. - type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic type: object type: array enableCompression: description: |- When false, Prometheus will request uncompressed response from the scraped target. - It requires Prometheus >= v2.49.0. - If unset, Prometheus uses true by default. type: boolean eurekaSDConfigs: @@ -42571,9 +47946,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42587,10 +47960,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -42613,9 +47984,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42641,9 +48010,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42667,8 +48034,7 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -42694,9 +48060,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -42720,9 +48084,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -42749,9 +48111,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42768,118 +48128,18 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - - It requires Prometheus >= v2.43.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - - It requires Prometheus >= v2.43.0. - type: boolean - proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - It requires Prometheus >= v2.43.0. - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: Refresh interval to re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -42892,9 +48152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -42904,14 +48162,323 @@ spec: - key type: object x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Refresh interval to re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: The URL to connect to the Eureka server. + minLength: 1 + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: key: description: The key to select. type: string @@ -42922,9 +48489,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -42948,9 +48513,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -42979,9 +48542,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -42991,6 +48552,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -43019,6 +48602,7 @@ spec: type: string minItems: 1 type: array + x-kubernetes-list-type: set refreshInterval: description: RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. @@ -43038,12 +48622,10 @@ spec: the public IP address with relabeling. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - A pre-requisite for using GCESDConfig is that a Secret containing valid Google Cloud credentials is mounted into the Prometheus or PrometheusAgent pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS @@ -43112,9 +48694,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43128,10 +48708,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -43156,9 +48734,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43184,9 +48760,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43210,8 +48784,7 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -43237,9 +48810,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -43263,9 +48834,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -43292,9 +48861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43311,12 +48878,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -43346,9 +49133,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43363,24 +49148,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: @@ -43416,9 +49194,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -43442,9 +49218,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -43472,9 +49246,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -43498,9 +49270,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -43529,9 +49299,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43541,6 +49309,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -43566,8 +49356,9 @@ spec: See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -43584,9 +49375,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43600,10 +49389,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -43611,6 +49398,7 @@ spec: description: |- BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -43628,9 +49416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43656,9 +49442,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43669,16 +49453,350 @@ spec: type: object x-kubernetes-map-type: atomic type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - proxyConnectHeader: + oauth2: + description: |- + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: additionalProperties: items: description: SecretKeySelector selects a key of a Secret. @@ -43694,9 +49812,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43711,24 +49827,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: @@ -43758,9 +49867,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -43784,9 +49891,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -43814,9 +49919,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -43840,9 +49943,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -43871,9 +49972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43883,6 +49982,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -43896,59 +50017,17 @@ spec: - url type: object type: array - jobName: - description: |- - The value of the `job` label assigned to the scraped metrics by default. - - - The `job_name` field in the rendered scrape configuration is always controlled by the - operator to prevent duplicate job names, which Prometheus does not allow. Instead the - `job` label is set by means of relabeling configs. - minLength: 1 - type: string - keepDroppedTargets: - description: |- - Per-scrape limit on the number of targets dropped by relabeling - that will be kept in memory. 0 means no limit. - - - It requires Prometheus >= v2.47.0. - format: int64 - type: integer - kubernetesSDConfigs: - description: KubernetesSDConfigs defines a list of Kubernetes service - discovery configurations. + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery + configurations. items: description: |- - KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: - apiServer: - description: |- - The API server address consisting of a hostname or IP address followed - by an optional port number. - If left empty, Prometheus is assumed to run inside - of the cluster. It will discover API servers automatically and use the pod's - CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - type: string - attachMetadata: - description: |- - Optional metadata to attach to discovered targets. - It requires Prometheus >= v2.35.0 for `pod` role and - Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. - properties: - node: - description: |- - Attaches node metadata to discovered targets. - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. - Only valid for Pod, Endpoint and Endpointslice roles. - type: boolean - type: object authorization: - description: |- - Authorization header to use on every scrape request. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -43965,9 +50044,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -43981,50 +50058,40 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string + enableHTTP2: + description: Configure whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. + type: boolean + noProxy: description: |- - BasicAuth information to use on every scrape request. - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: Port to scrape the metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -44037,9 +50104,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44049,48 +50114,35 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. - type: boolean - namespaces: - description: Optional namespace discovery. If omitted, Prometheus - discovers targets across all namespaces. - properties: - names: - description: |- - List of namespaces where to watch for resources. - If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. - items: - type: string - type: array - ownNamespace: - description: Includes the namespace in which the Prometheus - pod exists to the list of watched namesapces. - type: boolean - type: object - noProxy: + type: array description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ type: string - oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + refreshInterval: + description: Refresh interval to re-read the list of resources. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration to use when connecting to the + IONOS API. properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -44106,9 +50158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -44132,9 +50182,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -44145,221 +50193,8 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - - It requires Prometheus >= v2.43.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - - It requires Prometheus >= v2.43.0. - type: boolean - proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. - pattern: ^http(s)?://.+$ - type: string - role: - description: Role of the Kubernetes entities that should be - discovered. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress - type: string - selectors: - description: Selector to select objects. - items: - description: K8SSelectorConfig is Kubernetes Selector Config - properties: - field: - type: string - label: - type: string - role: - description: Role is role of the service in Kubernetes. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress - type: string - required: - - role - type: object - type: array - x-kubernetes-list-map-keys: - - role - x-kubernetes-list-type: map - tlsConfig: - description: TLS configuration to use on every scrape request. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. + cert: + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -44375,9 +50210,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -44401,9 +50234,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -44432,9 +50263,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44444,24 +50273,89 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - role + - authorization + - datacenterID type: object type: array - kumaSDConfigs: - description: KumaSDConfigs defines a list of Kuma service discovery - configurations. + jobName: + description: |- + The value of the `job` label assigned to the scraped metrics by default. + + The `job_name` field in the rendered scrape configuration is always controlled by the + operator to prevent duplicate job names, which Prometheus does not allow. Instead the + `job` label is set by means of relabeling configs. + minLength: 1 + type: string + keepDroppedTargets: + description: |- + Per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + kubernetesSDConfigs: + description: KubernetesSDConfigs defines a list of Kubernetes service + discovery configurations. items: description: |- - KumaSDConfig allow retrieving scrape targets from Kuma's control plane. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config + KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config properties: + apiServer: + description: |- + The API server address consisting of a hostname or IP address followed + by an optional port number. + If left empty, Prometheus is assumed to run inside + of the cluster. It will discover API servers automatically and use the pod's + CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + minLength: 1 + type: string + attachMetadata: + description: |- + Optional metadata to attach to discovered targets. + It requires Prometheus >= v2.35.0 when using the `Pod` role and + Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + properties: + node: + description: |- + Attaches node metadata to discovered targets. + When set to true, Prometheus must have the `get` permission on the + `Nodes` objects. + Only valid for Pod, Endpoint and Endpointslice roles. + type: boolean + type: object authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header to use on every scrape request. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -44478,9 +50372,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44494,15 +50386,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: description: |- @@ -44520,9 +50412,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44548,9 +50438,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44561,30 +50449,37 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientID: - description: Client id is used by Kuma Control Plane to compute - Monitoring Assignment for specific Prometheus backend. - type: string enableHTTP2: description: Whether to enable HTTP2. type: boolean - fetchTimeout: - description: The time after which the monitoring assignments - are refreshed. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + namespaces: + description: Optional namespace discovery. If omitted, Prometheus + discovers targets across all namespaces. + properties: + names: + description: |- + List of namespaces where to watch for resources. + If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + ownNamespace: + description: Includes the namespace in which the Prometheus + pod runs to the list of watched namespaces. + type: boolean + type: object noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -44610,9 +50505,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -44636,9 +50529,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -44665,9 +50556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44684,12 +50573,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -44716,9 +50825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44733,36 +50840,72 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - refreshInterval: - description: The time to wait between polling update requests. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - server: - description: Address of the Kuma Control Plane's MADS xDS server. - minLength: 1 + role: + description: |- + Role of the Kubernetes entities that should be discovered. + Role `Endpointslice` requires Prometheus >= v2.21.0 + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice type: string + selectors: + description: |- + Selector to select objects. + It requires Prometheus >= v2.17.0 + items: + description: K8SSelectorConfig is Kubernetes Selector Config + properties: + field: + description: |- + An optional field selector to limit the service discovery to resources which have fields with specific values. + e.g: `metadata.name=foobar` + minLength: 1 + type: string + label: + description: |- + An optional label selector to limit the service discovery to resources with specific labels and label values. + e.g: `node.kubernetes.io/instance-type=master` + minLength: 1 + type: string + role: + description: |- + Role specifies the type of Kubernetes resource to limit the service discovery to. + Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice + type: string + required: + - role + type: object + type: array + x-kubernetes-list-map-keys: + - role + x-kubernetes-list-type: map tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration to connect to the Kubernetes + API. properties: ca: description: Certificate authority used when verifying server @@ -44782,9 +50925,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -44808,9 +50949,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -44838,9 +50977,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -44864,9 +51001,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -44895,9 +51030,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -44907,71 +51040,46 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - server + - role type: object type: array - labelLimit: - description: |- - Per-scrape limit on number of labels that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: |- - Per-scrape limit on length of labels name that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: |- - Per-scrape limit on length of labels value that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - lightSailSDConfigs: - description: LightsailSDConfigs defines a list of Lightsail service - discovery configurations. + kumaSDConfigs: + description: KumaSDConfigs defines a list of Kuma service discovery + configurations. items: description: |- - LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config - TODO: Need to document that we will not be supporting the `_file` fields. + KumaSDConfig allow retrieving scrape targets from Kuma's control plane. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic authorization: - description: |- - Optional `authorization` HTTP header configuration. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization header to use on every scrape request. properties: credentials: description: Selects a key of a Secret in the namespace @@ -44988,9 +51096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45004,17 +51110,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: |- - Optional HTTP basic authentication information. - Cannot be set at the same time as `authorization`, or `oauth2`. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -45032,9 +51134,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45060,9 +51160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45073,16 +51171,21 @@ spec: type: object x-kubernetes-map-type: atomic type: object + clientID: + description: Client id is used by Kuma Control Plane to compute + Monitoring Assignment for specific Prometheus backend. + type: string enableHTTP2: - description: Configure whether to enable HTTP2. + description: Whether to enable HTTP2. type: boolean - endpoint: - description: Custom endpoint to be used. - minLength: 1 + fetchTimeout: + description: The time after which the monitoring assignments + are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean noProxy: description: |- @@ -45090,13 +51193,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -45117,9 +51219,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45143,9 +51243,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45172,9 +51270,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45191,12 +51287,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -45207,14 +51523,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: |- - Port to scrape the metrics from. - If using the public IP address, this must instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer proxyConnectHeader: additionalProperties: items: @@ -45231,9 +51539,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45248,65 +51554,29 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the list of instances. + description: The time to wait between polling update requests. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. + server: + description: Address of the Kuma Control Plane's MADS xDS server. minLength: 1 type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. - type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to connect to the Puppet DB. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -45326,9 +51596,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45352,9 +51620,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45382,9 +51648,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45408,9 +51672,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45439,9 +51701,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45451,22 +51711,90 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - linodeSDConfigs: - description: LinodeSDConfigs defines a list of Linode service discovery - configurations. + labelLimit: + description: |- + Per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + Per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + Per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + lightSailSDConfigs: + description: LightsailSDConfigs defines a list of Lightsail service + discovery configurations. items: description: |- - LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config + LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic authorization: - description: Authorization header configuration. + description: |- + Optional `authorization` HTTP header configuration. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -45483,9 +51811,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45499,19 +51825,79 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional HTTP basic authentication information. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean + endpoint: + description: Custom endpoint to be used. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -45519,13 +51905,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -45546,9 +51931,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45572,9 +51955,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45601,9 +51982,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45620,48 +51999,268 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - port: - description: Default port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + Port to scrape the metrics from. + If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string optional: description: Specify whether the Secret or its key must be defined @@ -45675,41 +52274,56 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the linode instances are refreshed. + description: Refresh interval to re-read the list of instances. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string region: - description: Optional region to filter on. + description: The AWS region. minLength: 1 type: string - tagSeparator: - description: The string by which Linode Instance tags are joined - into the tag label. - minLength: 1 + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Puppet DB. properties: ca: description: Certificate authority used when verifying server @@ -45729,9 +52343,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45755,9 +52367,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45785,9 +52395,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -45811,9 +52419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -45842,9 +52448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -45854,118 +52458,1762 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object type: object type: array - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. + linodeSDConfigs: + description: LinodeSDConfigs defines a list of Linode service discovery + configurations. items: description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. + authorization: + description: Authorization header configuration. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + "Basic" is not a supported value. - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: + Default: "Bearer" + type: string + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated SourceLabels. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: + oauth2: description: |- - Label to which the resulting string is written in a replacement. - - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - + Optional OAuth 2.0 configuration. + Cannot be used at the same time as `authorization`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - Regex capture groups are available. - type: string - type: object - type: array - metricsPath: - description: MetricsPath HTTP path to scrape for metrics. If empty, - Prometheus uses the default value (e.g. /metrics). - type: string - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. - type: string + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: Default port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Time after which the linode instances are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: Optional region to filter on. + minLength: 1 + type: string + tagSeparator: + description: The string by which Linode Instance tags are joined + into the tag label. + minLength: 1 + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + metricsPath: + description: MetricsPath HTTP path to scrape for metrics. If empty, + Prometheus uses the default value (e.g. /metrics). + minLength: 1 + type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + nomadSDConfigs: + description: NomadSDConfigs defines a list of Nomad service discovery + configurations. + items: + description: |- + NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config + properties: + allowStale: + description: |- + The information to access the Nomad API. It is to be defined + as the Nomad documentation requires. + type: boolean + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + namespace: + type: string + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: |- + Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. + Supported units: y, w, d, h, m, s, ms + Examples: `30s`, `1m`, `1h20m15s`, `15d` + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + type: string + server: + minLength: 1 + type: string + tagSeparator: + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - server + type: object + type: array + oauth2: + description: OAuth2 configuration to use on every scrape request. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for the + token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the token + from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object openstackSDConfigs: description: OpenStackSDConfigs defines a list of OpenStack service discovery configurations. @@ -46005,9 +54253,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46056,9 +54302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46120,9 +54364,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -46146,9 +54388,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -46176,9 +54416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -46202,9 +54440,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -46233,9 +54469,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46245,6 +54479,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -46290,9 +54546,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46316,9 +54570,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46378,9 +54630,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -46395,24 +54645,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string puppetDBSDConfigs: @@ -46443,9 +54686,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46459,10 +54700,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -46487,9 +54726,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46515,9 +54752,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46547,8 +54782,7 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -46574,9 +54808,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -46600,9 +54832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -46629,9 +54859,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46648,12 +54876,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -46686,9 +55134,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46703,24 +55149,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string query: @@ -46754,9 +55193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -46780,9 +55217,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -46810,9 +55245,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -46836,9 +55269,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -46867,9 +55298,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -46879,6 +55308,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -46904,7 +55355,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -46912,11 +55362,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -46946,7 +55394,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -46959,7 +55406,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -46981,20 +55427,328 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object + minItems: 1 type: array sampleLimit: description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. format: int64 type: integer + scalewaySDConfigs: + description: ScalewaySDConfigs defines a list of Scaleway instances + and baremetal service discovery configurations. + items: + description: |- + ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config + properties: + accessKey: + description: Access key to use. https://console.scaleway.com/project/credentials + minLength: 1 + type: string + apiURL: + description: API URL to use when doing the server listing requests. + pattern: ^http(s)?://.+$ + type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + nameFilter: + description: NameFilter specify a name filter (works as a LIKE) + to apply on the server listing request. + minLength: 1 + type: string + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + projectID: + description: Project ID of the targets. + minLength: 1 + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Refresh interval to re-read the list of instances. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Service of the targets to retrieve. Must be `Instance` + or `Baremetal`. + enum: + - Instance + - Baremetal + type: string + secretKey: + description: Secret key to use when listing targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tagsFilter: + description: TagsFilter specify a tag filter (a server needs + to have all defined tags to be listed) to apply on the server + listing request. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + zone: + description: Zone is the availability zone of your targets (e.g. + fr-par-1). + minLength: 1 + type: string + required: + - accessKey + - projectID + - role + - secretKey + type: object + type: array scheme: description: |- Configures the protocol scheme used for requests. @@ -47007,6 +55761,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeInterval: description: ScrapeInterval is the interval between consecutive scrapes. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -47016,10 +55775,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -47035,6 +55792,7 @@ spec: - OpenMetricsText1.0.0 - PrometheusText0.0.4 type: string + minItems: 1 type: array x-kubernetes-list-type: set scrapeTimeout: @@ -47060,10 +55818,15 @@ spec: targets: description: List of targets for this static configuration. items: - description: Target represents a target for Prometheus to - scrape + description: |- + Target represents a target for Prometheus to scrape + kubebuilder:validation:MinLength:=1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set + required: + - targets type: object type: array targetLimit: @@ -47091,9 +55854,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -47117,9 +55878,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47146,9 +55905,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -47172,9 +55929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47202,9 +55957,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -47214,6 +55967,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -47237,8 +56012,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47256,7 +56031,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. + description: |- + The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. + Among other things, it allows to specify: + * The services to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -47285,13 +56068,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - It requires Prometheus >= v2.37.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -47299,12 +56084,14 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string endpoints: - description: List of endpoints part of this ServiceMonitor. + description: |- + List of endpoints part of this ServiceMonitor. + Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. items: description: |- Endpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -47315,7 +56102,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -47333,9 +56119,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47349,10 +56133,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -47361,7 +56143,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -47380,9 +56161,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47408,9 +56187,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47425,7 +56202,6 @@ spec: description: |- File to read bearer token for scraping the target. - Deprecated: use `authorization` instead. type: string bearerTokenSecret: @@ -47434,7 +56210,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -47448,9 +56223,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47469,10 +56242,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -47494,7 +56265,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -47507,7 +56277,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -47515,11 +56284,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -47549,7 +56316,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -47562,7 +56328,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -47585,11 +56350,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -47598,10 +56361,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -47623,9 +56384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -47649,9 +56408,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -47678,9 +56435,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -47697,12 +56452,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -47724,14 +56699,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Service port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -47744,20 +56717,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -47765,11 +56734,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -47799,7 +56766,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -47812,7 +56778,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -47835,11 +56800,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -47848,11 +56811,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -47862,7 +56823,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -47896,9 +56856,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -47922,9 +56880,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -47956,9 +56912,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -47982,9 +56936,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -48021,9 +56973,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -48033,6 +56983,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -48043,7 +57015,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -48053,12 +57024,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the associated Kubernetes `Service`. @@ -48068,7 +57037,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -48076,7 +57044,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -48084,7 +57051,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -48092,14 +57058,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Endpoints` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. + By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -48112,6 +57077,23 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podTargetLabels: description: |- `podTargetLabels` defines the labels which are transferred from the @@ -48129,15 +57111,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -48156,7 +57141,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Endpoints` objects. + description: Label selector to select the Kubernetes `Endpoints` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -48228,8 +57214,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -48274,7 +57260,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: ThanosRuler defines a ThanosRuler deployment. + description: |- + The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. + + A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). + + The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. properties: apiVersion: description: |- @@ -48607,7 +57598,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -48622,7 +57613,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -48788,7 +57779,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -48803,7 +57794,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -48966,7 +57957,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -48981,7 +57972,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -49147,7 +58138,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -49162,7 +58153,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -49279,9 +58270,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -49306,9 +58295,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -49408,9 +58395,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -49476,9 +58461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -49518,9 +58501,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -49542,9 +58523,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -49829,11 +58808,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -50041,11 +59020,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -50193,11 +59172,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -50208,6 +59185,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -50331,7 +59314,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -50413,7 +59396,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -50494,11 +59476,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -50712,10 +59694,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -50723,11 +59703,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -50761,6 +59739,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert @@ -50842,9 +59874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -50868,9 +59898,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -50901,9 +59929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -50927,9 +59953,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -50965,9 +59989,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -50977,6 +59999,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -51034,9 +60078,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -51123,9 +60165,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -51191,9 +60231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -51233,9 +60271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -51257,9 +60293,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -51544,222 +60578,222 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - name: - description: |- - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the container. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Modifying this array with strategic merge patch may corrupt the data. - For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string @@ -51908,11 +60942,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -51923,6 +60955,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -52046,7 +61084,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -52128,7 +61166,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -52209,11 +61246,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -52427,10 +61464,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -52438,11 +61473,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -52533,9 +61566,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -52558,7 +61589,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. - The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". @@ -52644,9 +61674,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -52676,11 +61704,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -52691,6 +61717,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -52864,12 +61896,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -52956,7 +61986,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -52966,18 +61995,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -53087,7 +62126,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -53097,11 +62135,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -53304,7 +62340,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -53560,7 +62596,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -53598,8 +62634,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -53618,12 +62654,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -53643,21 +62679,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -53702,8 +62738,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -53717,13 +62761,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -53858,7 +62902,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -53898,7 +62941,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -53916,7 +62958,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -53928,7 +62969,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -53976,10 +63016,8 @@ spec: description: |- TracingConfig configures tracing in Thanos. - `tracingConfigFile` takes precedence over this field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -53994,9 +63032,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -54009,10 +63045,8 @@ spec: description: |- TracingConfig specifies the path of the tracing configuration file. - This field takes precedence over `tracingConfig`. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -54055,10 +63089,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -54066,11 +63098,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -54110,7 +63140,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -54150,6 +63179,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -54162,6 +63192,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -54229,9 +63260,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -54273,9 +63302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -54347,9 +63374,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -54388,9 +63413,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -54527,7 +63550,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -54538,17 +63560,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -54562,7 +63581,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -54572,11 +63590,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -54779,7 +63795,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -54805,7 +63821,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -54873,9 +63888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -54909,7 +63922,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -54990,9 +64002,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -55009,6 +64018,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -55029,7 +64073,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -55041,6 +64084,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -55073,9 +64117,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -55192,24 +64234,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -55343,9 +64385,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -55483,9 +64523,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -55575,7 +64613,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -55583,6 +64620,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -55597,6 +64635,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -55622,13 +64661,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -55643,6 +64681,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -55674,9 +64713,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -55685,6 +64722,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -55798,9 +64836,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -55924,9 +64960,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -55950,9 +64984,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -55963,6 +64995,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -55989,9 +65026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -56015,9 +65050,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -56034,6 +65067,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -56042,6 +65080,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -56056,9 +65099,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -56083,9 +65124,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -56102,7 +65140,7 @@ spec: format: int32 type: integer conditions: - description: The current state of the Alertmanager object. + description: The current state of the ThanosRuler object. items: description: |- Condition represents the state of the resources associated with the @@ -56187,7 +65225,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io @@ -56204,7 +65242,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator rules: - apiGroups: @@ -56255,7 +65293,6 @@ rules: resources: - services - services/finalizers - - endpoints verbs: - get - create @@ -56297,6 +65334,15 @@ rules: - storageclasses verbs: - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update + - delete --- apiVersion: apps/v1 kind: Deployment @@ -56304,7 +65350,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default spec: @@ -56320,17 +65366,19 @@ spec: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.75.2 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.78.2 + - --kubelet-endpoints=true + - --kubelet-endpointslice=false env: - name: GOGC value: "30" - image: quay.io/prometheus-operator/prometheus-operator:v0.75.2 + image: quay.io/prometheus-operator/prometheus-operator:v0.78.2 name: prometheus-operator ports: - containerPort: 8080 @@ -56364,7 +65412,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default --- @@ -56374,7 +65422,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default spec: diff --git a/cmd/admission-webhook/Dockerfile b/cmd/admission-webhook/Dockerfile index 613dc084ef2..c51474115d1 100644 --- a/cmd/admission-webhook/Dockerfile +++ b/cmd/admission-webhook/Dockerfile @@ -1,8 +1,20 @@ -ARG ARCH="amd64" -ARG OS="linux" +ARG ARCH=amd64 +ARG OS=linux +ARG GOLANG_BUILDER=1.23 +FROM quay.io/prometheus/golang-builder:${GOLANG_BUILDER}-base AS builder +WORKDIR /workspace + +# Copy source files +COPY . . + +# Build +ARG GOARCH +ENV GOARCH=${GOARCH} +RUN make admission-webhook + FROM quay.io/prometheus/busybox-${OS}-${ARCH}:latest -COPY admission-webhook /bin/admission-webhook +COPY --from=builder workspace/admission-webhook /bin/admission-webhook USER nobody diff --git a/cmd/admission-webhook/main.go b/cmd/admission-webhook/main.go index e43ec37be0b..35dcd18786c 100644 --- a/cmd/admission-webhook/main.go +++ b/cmd/admission-webhook/main.go @@ -23,8 +23,6 @@ import ( "os/signal" "syscall" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/collectors" "github.com/prometheus/client_golang/prometheus/collectors/version" @@ -61,7 +59,7 @@ func main() { return } - logger, err := logging.NewLogger(logConfig) + logger, err := logging.NewLoggerSlog(logConfig) if err != nil { stdlog.Fatal(err) } @@ -74,7 +72,7 @@ func main() { wg, ctx := errgroup.WithContext(ctx) mux := http.NewServeMux() - admit := admission.New(log.With(logger, "component", "admissionwebhook")) + admit := admission.New(logger.With("component", "admissionwebhook")) admit.Register(mux) r := prometheus.NewRegistry() @@ -92,7 +90,7 @@ func main() { srv, err := server.NewServer(logger, &serverConfig, mux) if err != nil { - level.Error(logger).Log("msg", "failed to create web server", "err", err) + logger.Error("failed to create web server", "err", err) os.Exit(1) } @@ -105,17 +103,17 @@ func main() { select { case sig := <-term: - level.Info(logger).Log("msg", "Received signal, exiting gracefully...", "signal", sig.String()) + logger.Info("Received signal, exiting gracefully...", "signal", sig.String()) case <-ctx.Done(): } if err := srv.Shutdown(ctx); err != nil { - level.Warn(logger).Log("msg", "Server shutdown error", "err", err) + logger.Warn("Server shutdown error", "err", err) } cancel() if err := wg.Wait(); err != nil { - level.Warn(logger).Log("msg", "Unhandled error received. Exiting...", "err", err) + logger.Warn("Unhandled error received. Exiting...", "err", err) os.Exit(1) } } diff --git a/cmd/operator/main.go b/cmd/operator/main.go index fcaf98e27a6..1566d0c71cc 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -19,27 +19,31 @@ import ( "flag" "fmt" stdlog "log" + "log/slog" "net/http" "net/http/pprof" "os" "os/signal" "regexp" + "strings" "syscall" - "github.com/go-kit/log" - "github.com/go-kit/log/level" + "github.com/blang/semver/v4" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/collectors" versioncollector "github.com/prometheus/client_golang/prometheus/collectors/version" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/common/version" "golang.org/x/sync/errgroup" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" storagev1 "k8s.io/api/storage/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" k8sflag "k8s.io/component-base/cli/flag" + "k8s.io/klog/v2" "k8s.io/utils/ptr" "github.com/prometheus-operator/prometheus-operator/internal/goruntime" @@ -63,7 +67,7 @@ import ( // that the operator has enough permissions to manage the resource. func checkPrerequisites( ctx context.Context, - logger log.Logger, + logger *slog.Logger, kclient kubernetes.Interface, allowedNamespaces []string, groupVersion schema.GroupVersion, @@ -76,7 +80,7 @@ func checkPrerequisites( } if !installed { - level.Warn(logger).Log("msg", fmt.Sprintf("resource %q (group: %q) not installed in the cluster", resource, groupVersion)) + logger.Warn(fmt.Sprintf("resource %q (group: %q) not installed in the cluster", resource, groupVersion)) return false, nil } @@ -87,7 +91,7 @@ func checkPrerequisites( if !allowed { for _, reason := range errs { - level.Warn(logger).Log("msg", fmt.Sprintf("missing permission on resource %q (group: %q)", resource, groupVersion), "reason", reason) + logger.Warn(fmt.Sprintf("missing permission on resource %q (group: %q)", resource, groupVersion), "reason", reason) } return false, nil } @@ -116,9 +120,11 @@ var ( serverConfig = server.DefaultConfig(":8080", false) // Parameters for the kubelet endpoints controller. - kubeletObject string - kubeletSelector operator.LabelSelector - nodeAddressPriority operator.NodeAddressPriority + kubeletObject string + kubeletSelector operator.LabelSelector + nodeAddressPriority operator.NodeAddressPriority + kubeletEndpoints bool + kubeletEndpointSlice bool featureGates = k8sflag.NewMapStringBool(ptr.To(map[string]bool{})) ) @@ -138,6 +144,8 @@ func parseFlags(fs *flag.FlagSet) { fs.StringVar(&kubeletObject, "kubelet-service", "", "Service/Endpoints object to write kubelets into in format \"namespace/name\"") fs.Var(&kubeletSelector, "kubelet-selector", "Label selector to filter nodes.") fs.Var(&nodeAddressPriority, "kubelet-node-address-priority", "Node address priority used by kubelet. Either 'internal' or 'external'. Default: 'internal'.") + fs.BoolVar(&kubeletEndpointSlice, "kubelet-endpointslice", false, "Create EndpointSlice objects for kubelet targets.") + fs.BoolVar(&kubeletEndpoints, "kubelet-endpoints", true, "Create Endpoints objects for kubelet targets.") // The Prometheus config reloader image is released along with the // Prometheus Operator image, tagged with the same semver version. Default to @@ -171,7 +179,8 @@ func parseFlags(fs *flag.FlagSet) { fs.Var(&cfg.PromSelector, "prometheus-instance-selector", "Label selector to filter Prometheus and PrometheusAgent Custom Resources to watch.") fs.Var(&cfg.AlertmanagerSelector, "alertmanager-instance-selector", "Label selector to filter Alertmanager Custom Resources to watch.") fs.Var(&cfg.ThanosRulerSelector, "thanos-ruler-instance-selector", "Label selector to filter ThanosRuler Custom Resources to watch.") - fs.Var(&cfg.SecretListWatchSelector, "secret-field-selector", "Field selector to filter Secrets to watch") + fs.Var(&cfg.SecretListWatchFieldSelector, "secret-field-selector", "Field selector to filter Secrets to watch") + fs.Var(&cfg.SecretListWatchLabelSelector, "secret-label-selector", "Label selector to filter Secrets to watch") fs.Float64Var(&memlimitRatio, "auto-gomemlimit-ratio", defaultMemlimitRatio, "The ratio of reserved GOMEMLIMIT memory to the detected maximum container or system memory. The value should be greater than 0.0 and less than 1.0. Default: 0.0 (disabled).") @@ -192,32 +201,31 @@ func run(fs *flag.FlagSet) int { return 0 } - logger, err := logging.NewLogger(logConfig) + logger, err := logging.NewLoggerSlog(logConfig) if err != nil { stdlog.Fatal(err) } + klog.SetSlogLogger(logger) if err := cfg.Gates.UpdateFeatureGates(*featureGates.Map); err != nil { - level.Error(logger).Log("error", err) + logger.Error("failed to update feature gates", "error", err) return 1 } - level.Info(logger).Log("msg", "Starting Prometheus Operator", "version", version.Info()) - level.Info(logger).Log("build_context", version.BuildContext()) - level.Info(logger).Log("feature_gates", cfg.Gates.String()) + logger.Info("Starting Prometheus Operator", "version", version.Info(), "build_context", version.BuildContext(), "feature_gates", cfg.Gates.String()) goruntime.SetMaxProcs(logger) goruntime.SetMemLimit(logger, memlimitRatio) if len(cfg.Namespaces.AllowList) > 0 && len(cfg.Namespaces.DenyList) > 0 { - level.Error(logger).Log( - "msg", "--namespaces and --deny-namespaces are mutually exclusive, only one should be provided", + logger.Error( + "--namespaces and --deny-namespaces are mutually exclusive, only one should be provided", "namespaces", cfg.Namespaces.AllowList, "deny_namespaces", cfg.Namespaces.DenyList, ) return 1 } cfg.Namespaces.Finalize() - level.Info(logger).Log("msg", "namespaces filtering configuration ", "config", cfg.Namespaces.String()) + logger.Info("namespaces filtering configuration ", "config", cfg.Namespaces.String()) ctx, cancel := context.WithCancel(context.Background()) wg, ctx := errgroup.WithContext(ctx) @@ -232,28 +240,40 @@ func run(fs *flag.FlagSet) int { }) if err != nil { - level.Error(logger).Log("msg", "failed to create Kubernetes client configuration", "err", err) + logger.Error("failed to create Kubernetes client configuration", "err", err) cancel() return 1 } kclient, err := kubernetes.NewForConfig(restConfig) if err != nil { - level.Error(logger).Log("msg", "failed to create Kubernetes client", "err", err) + logger.Error("failed to create Kubernetes client", "err", err) cancel() return 1 } kubernetesVersion, err := kclient.Discovery().ServerVersion() if err != nil { - level.Error(logger).Log("msg", "failed to request Kubernetes server version", "err", err) + logger.Error("failed to request Kubernetes server version", "err", err) cancel() return 1 } - cfg.KubernetesVersion = *kubernetesVersion - level.Info(logger).Log("msg", "connection established", "cluster-version", cfg.KubernetesVersion) - promControllerOptions := make([]prometheuscontroller.ControllerOptions, 0) + cfg.KubernetesVersion, err = semver.ParseTolerant(kubernetesVersion.String()) + if err != nil { + // If the Kubernetes version can't be parsed, assume v1.16.0 since this + // is the minimal requirement for Prometheus Operator. + cfg.KubernetesVersion = semver.MustParse("1.16.0") + logger.Warn("failed to parse Kubernetes version", "version", kubernetesVersion.String(), "err", err) + } + logger.Info("connection established", "kubernetes_version", cfg.KubernetesVersion.String()) + + var ( + alertmanagerControllerOptions = []alertmanagercontroller.ControllerOption{} + promAgentControllerOptions = []prometheusagentcontroller.ControllerOption{} + promControllerOptions = []prometheuscontroller.ControllerOption{} + thanosControllerOptions = []thanoscontroller.ControllerOption{} + ) // Check if we can read the storage classs canReadStorageClass, err := checkPrerequisites( ctx, @@ -270,12 +290,15 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check StorageClass support", "err", err) + logger.Error("failed to check StorageClass support", "err", err) cancel() return 1 } if canReadStorageClass { + alertmanagerControllerOptions = append(alertmanagerControllerOptions, alertmanagercontroller.WithStorageClassValidation()) + promAgentControllerOptions = append(promAgentControllerOptions, prometheusagentcontroller.WithStorageClassValidation()) promControllerOptions = append(promControllerOptions, prometheuscontroller.WithStorageClassValidation()) + thanosControllerOptions = append(thanosControllerOptions, thanoscontroller.WithStorageClassValidation()) } canEmitEvents, reasons, err := k8sutil.IsAllowed(ctx, kclient.AuthorizationV1().SelfSubjectAccessReviews(), nil, @@ -286,17 +309,17 @@ func run(fs *flag.FlagSet) int { Verbs: []string{"create", "patch"}, }) if err != nil { - level.Error(logger).Log("msg", "failed to check Events support", "err", err) + logger.Error("failed to check Events support", "err", err) cancel() return 1 } if !canEmitEvents { for _, reason := range reasons { - level.Warn(logger).Log("msg", "missing permission to emit events", "reason", reason) + logger.Warn("missing permission to emit events", "reason", reason) } } - eventRecorderFactory := operator.NewEventRecorderFactory(canEmitEvents) + cfg.EventRecorderFactory = operator.NewEventRecorderFactory(canEmitEvents) scrapeConfigSupported, err := checkPrerequisites( ctx, @@ -313,12 +336,21 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check ScrapeConfig support", "err", err) + logger.Error("failed to check ScrapeConfig support", "err", err) cancel() return 1 } if scrapeConfigSupported { promControllerOptions = append(promControllerOptions, prometheuscontroller.WithScrapeConfig()) + promAgentControllerOptions = append(promAgentControllerOptions, prometheusagentcontroller.WithScrapeConfig()) + } + + // EndpointSlice v1 became available with Kubernetes v1.21.0. + endpointSliceSupported := cfg.KubernetesVersion.GTE(semver.MustParse("1.21.0")) + logger.Info("Kubernetes API capabilities", "endpointslices", endpointSliceSupported) + if endpointSliceSupported { + promControllerOptions = append(promControllerOptions, prometheuscontroller.WithEndpointSlice()) + promAgentControllerOptions = append(promAgentControllerOptions, prometheusagentcontroller.WithEndpointSlice()) } prometheusSupported, err := checkPrerequisites( @@ -342,16 +374,16 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check Prometheus support", "err", err) + logger.Error("failed to check Prometheus support", "err", err) cancel() return 1 } var po *prometheuscontroller.Operator if prometheusSupported { - po, err = prometheuscontroller.New(ctx, restConfig, cfg, logger, r, eventRecorderFactory, promControllerOptions...) + po, err = prometheuscontroller.New(ctx, restConfig, cfg, logger, r, promControllerOptions...) if err != nil { - level.Error(logger).Log("msg", "instantiating prometheus controller failed", "err", err) + logger.Error("instantiating prometheus controller failed", "err", err) cancel() return 1 } @@ -378,16 +410,42 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check PrometheusAgent support", "err", err) + logger.Error("failed to check PrometheusAgent support", "err", err) cancel() return 1 } + // If Prometheus Agent runs in DaemonSet mode, check if + // the operator has proper RBAC permissions on the DaemonSet resource. + if cfg.Gates.Enabled(operator.PrometheusAgentDaemonSetFeature) { + allowed, errs, err := k8sutil.IsAllowed(ctx, + kclient.AuthorizationV1().SelfSubjectAccessReviews(), + cfg.Namespaces.PrometheusAllowList.Slice(), + k8sutil.ResourceAttribute{ + Group: appsv1.SchemeGroupVersion.Group, + Version: appsv1.SchemeGroupVersion.Version, + Resource: "daemonsets", + Verbs: []string{"get", "list", "watch", "create", "update", "delete"}, + }) + if err != nil { + logger.Error("failed to check permissions on DaemonSet resource", "err", err) + cancel() + return 1 + } + if !allowed { + for _, reason := range errs { + logger.Error("missing permissions to manage Daemonset resource for Prometheus Agent", "reason", reason) + cancel() + return 1 + } + } + } + var pao *prometheusagentcontroller.Operator if prometheusAgentSupported { - pao, err = prometheusagentcontroller.New(ctx, restConfig, cfg, logger, r, scrapeConfigSupported, canReadStorageClass, eventRecorderFactory) + pao, err = prometheusagentcontroller.New(ctx, restConfig, cfg, logger, r, promAgentControllerOptions...) if err != nil { - level.Error(logger).Log("msg", "instantiating prometheus-agent controller failed", "err", err) + logger.Error("instantiating prometheus-agent controller failed", "err", err) cancel() return 1 } @@ -414,16 +472,16 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check Alertmanager support", "err", err) + logger.Error("failed to check Alertmanager support", "err", err) cancel() return 1 } var ao *alertmanagercontroller.Operator if alertmanagerSupported { - ao, err = alertmanagercontroller.New(ctx, restConfig, cfg, logger, r, canReadStorageClass, eventRecorderFactory) + ao, err = alertmanagercontroller.New(ctx, restConfig, cfg, logger, r, alertmanagerControllerOptions...) if err != nil { - level.Error(logger).Log("msg", "instantiating alertmanager controller failed", "err", err) + logger.Error("instantiating alertmanager controller failed", "err", err) cancel() return 1 } @@ -450,16 +508,16 @@ func run(fs *flag.FlagSet) int { }, ) if err != nil { - level.Error(logger).Log("msg", "failed to check ThanosRuler support", "err", err) + logger.Error("failed to check ThanosRuler support", "err", err) cancel() return 1 } var to *thanoscontroller.Operator if thanosRulerSupported { - to, err = thanoscontroller.New(ctx, restConfig, cfg, logger, r, canReadStorageClass, eventRecorderFactory) + to, err = thanoscontroller.New(ctx, restConfig, cfg, logger, r, thanosControllerOptions...) if err != nil { - level.Error(logger).Log("msg", "instantiating thanos controller failed", "err", err) + logger.Error("instantiating thanos controller failed", "err", err) cancel() return 1 } @@ -467,32 +525,71 @@ func run(fs *flag.FlagSet) int { var kec *kubelet.Controller if kubeletObject != "" { + opts := []kubelet.ControllerOption{kubelet.WithNodeAddressPriority(nodeAddressPriority.String())} + + kubeletService := strings.Split(kubeletObject, "/") + if len(kubeletService) != 2 { + logger.Error(fmt.Sprintf("malformatted kubelet object string %q, must be in format \"namespace/name\"", kubeletObject)) + cancel() + return 1 + } + + if kubeletEndpointSlice { + allowed, errs, err := k8sutil.IsAllowed( + ctx, + kclient.AuthorizationV1().SelfSubjectAccessReviews(), + []string{kubeletService[0]}, + k8sutil.ResourceAttribute{ + Group: discoveryv1.SchemeGroupVersion.Group, + Version: discoveryv1.SchemeGroupVersion.Version, + Resource: "endpointslices", + Verbs: []string{"get", "list", "create", "update", "delete"}, + }) + if err != nil { + logger.Error(fmt.Sprintf("failed to check permissions on resource 'endpointslices' (group %q)", discoveryv1.SchemeGroupVersion.Group), "err", err) + cancel() + return 1 + } + + if !allowed { + for _, reason := range errs { + logger.Warn(fmt.Sprintf("missing permission on resource 'endpointslices' (group: %q)", discoveryv1.SchemeGroupVersion.Group), "reason", reason) + } + } else { + opts = append(opts, kubelet.WithEndpointSlice()) + } + } + + if kubeletEndpoints { + opts = append(opts, kubelet.WithEndpoints()) + } + if kec, err = kubelet.New( - log.With(logger, "component", "kubelet_endpoints"), - restConfig, + logger.With("component", "kubelet_endpoints"), + kclient, r, - kubeletObject, + kubeletService[1], + kubeletService[0], kubeletSelector, cfg.Annotations, cfg.Labels, - nodeAddressPriority, + opts..., ); err != nil { - level.Error(logger).Log("msg", "instantiating kubelet endpoints controller failed", "err", err) + logger.Error("instantiating kubelet endpoints controller failed", "err", err) cancel() return 1 } } if po == nil && pao == nil && ao == nil && to == nil && kec == nil { - level.Error(logger).Log("msg", "no controller can be started, check the RBAC permissions of the service account") + logger.Error("no controller can be started, check the RBAC permissions of the service account") cancel() return 1 } // Setup the web server. mux := http.NewServeMux() - - admit := admission.New(log.With(logger, "component", "admissionwebhook")) + admit := admission.New(logger.With("component", "admissionwebhook")) admit.Register(mux) r.MustRegister( @@ -519,7 +616,7 @@ func run(fs *flag.FlagSet) int { srv, err := server.NewServer(logger, &serverConfig, mux) if err != nil { - level.Error(logger).Log("msg", "failed to create web server", "err", err) + logger.Error("failed to create web server", "err", err) cancel() return 1 } @@ -549,17 +646,17 @@ func run(fs *flag.FlagSet) int { select { case <-term: - level.Info(logger).Log("msg", "received SIGTERM, exiting gracefully...") + logger.Info("received SIGTERM, exiting gracefully...") case <-ctx.Done(): } if err := srv.Shutdown(ctx); err != nil { - level.Warn(logger).Log("msg", "server shutdown error", "err", err) + logger.Warn("server shutdown error", "err", err) } cancel() if err := wg.Wait(); err != nil { - level.Warn(logger).Log("msg", "unhandled error received. Exiting...", "err", err) + logger.Warn("unhandled error received. Exiting...", "err", err) return 1 } diff --git a/cmd/po-docgen/compatibility.go b/cmd/po-docgen/compatibility.go index 68691a7d360..8aa9d8ecb42 100644 --- a/cmd/po-docgen/compatibility.go +++ b/cmd/po-docgen/compatibility.go @@ -27,7 +27,7 @@ type compatibilityMatrix struct { func getCompatibilityMatrix() compatibilityMatrix { return compatibilityMatrix{ - PrometheusVersions: operator.PrometheusCompatibilityMatrix, + PrometheusVersions: append(operator.PrometheusCompatibilityMatrix, operator.PrometheusExperimentalVersions...), DefaultPrometheus: operator.DefaultPrometheusVersion, DefaultAlertmanager: operator.DefaultAlertmanagerVersion, DefaultThanos: operator.DefaultThanosVersion, diff --git a/cmd/prometheus-config-reloader/Dockerfile b/cmd/prometheus-config-reloader/Dockerfile index 0e5e367d299..48a79a28293 100644 --- a/cmd/prometheus-config-reloader/Dockerfile +++ b/cmd/prometheus-config-reloader/Dockerfile @@ -1,8 +1,20 @@ -ARG ARCH="amd64" -ARG OS="linux" +ARG ARCH=amd64 +ARG OS=linux +ARG GOLANG_BUILDER=1.23 +FROM quay.io/prometheus/golang-builder:${GOLANG_BUILDER}-base AS builder +WORKDIR /workspace + +# Copy source files +COPY . . + +# Build +ARG GOARCH +ENV GOARCH=${GOARCH} +RUN make prometheus-config-reloader + FROM quay.io/prometheus/busybox-${OS}-${ARCH}:latest -COPY prometheus-config-reloader /bin/prometheus-config-reloader +COPY --from=builder workspace/prometheus-config-reloader /bin/prometheus-config-reloader USER nobody diff --git a/cmd/prometheus-config-reloader/main.go b/cmd/prometheus-config-reloader/main.go index 9d60afde5fe..bddc7c61ff4 100644 --- a/cmd/prometheus-config-reloader/main.go +++ b/cmd/prometheus-config-reloader/main.go @@ -29,7 +29,6 @@ import ( "time" "github.com/alecthomas/kingpin/v2" - "github.com/go-kit/log/level" "github.com/oklog/run" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/collectors" @@ -122,25 +121,32 @@ func main() { os.Exit(0) } - logger, err := logging.NewLogger(logConfig) + logger, err := logging.NewLoggerSlog(logConfig) + if err != nil { + stdlog.Fatal(err) + } + + // We're currently migrating our logging library from go-kit to slog. + // The go-kit logger is being removed in small PRs. For now, we are creating 2 loggers to avoid breaking changes and + // to have a smooth transition. + goKitLogger, err := logging.NewLogger(logConfig) if err != nil { stdlog.Fatal(err) } err = web.Validate(*webConfig) if err != nil { - level.Error(logger).Log("msg", "Unable to validate web configuration file", "err", err) + logger.Error("Unable to validate web configuration file", "err", err) os.Exit(2) } if createStatefulsetOrdinalFrom != nil { if err := createOrdinalEnvvar(*createStatefulsetOrdinalFrom); err != nil { - level.Warn(logger).Log("msg", fmt.Sprintf("Failed setting %s", statefulsetOrdinalEnvvar)) + logger.Warn(fmt.Sprintf("Failed setting %s", statefulsetOrdinalEnvvar)) } } - level.Info(logger).Log("msg", "Starting prometheus-config-reloader", "version", version.Info()) - level.Info(logger).Log("build_context", version.BuildContext()) + logger.Info("Starting prometheus-config-reloader", "version", version.Info(), "build_context", version.BuildContext()) goruntime.SetMaxProcs(logger) goruntime.SetMemLimit(logger, *memlimitRatio) @@ -157,12 +163,13 @@ func main() { { opts := reloader.Options{ - CfgFile: *cfgFile, - CfgOutputFile: *cfgSubstFile, - WatchedDirs: *watchedDir, - DelayInterval: *delayInterval, - WatchInterval: *watchInterval, - RetryInterval: *retryInterval, + CfgFile: *cfgFile, + CfgOutputFile: *cfgSubstFile, + WatchedDirs: *watchedDir, + DelayInterval: *delayInterval, + WatchInterval: *watchInterval, + RetryInterval: *retryInterval, + TolerateEnvVarExpansionErrors: true, } switch *reloadMethod { @@ -175,7 +182,7 @@ func main() { } rel := reloader.New( - logger, + goKitLogger, r, &opts, ) @@ -197,7 +204,7 @@ func main() { srv := &http.Server{} g.Add(func() error { - level.Info(logger).Log("msg", "Starting web server for metrics", "listen", *listenAddress) + logger.Info("Starting web server for metrics", "listen", *listenAddress) return web.ListenAndServe(srv, &web.FlagConfig{ WebListenAddresses: &[]string{*listenAddress}, WebConfigFile: webConfig, @@ -212,7 +219,7 @@ func main() { g.Add(func() error { select { case <-term: - level.Info(logger).Log("msg", "Received SIGTERM, exiting gracefully...") + logger.Info("Received SIGTERM, exiting gracefully...") case <-ctx.Done(): } @@ -220,7 +227,7 @@ func main() { }, func(error) {}) if err := g.Run(); err != nil { - level.Error(logger).Log("msg", "Failed to run", "err", err) + logger.Error("Failed to run", "err", err) os.Exit(1) } } diff --git a/code-of-conduct.md b/code-of-conduct.md index 97b47b0ce22..fcfc273b574 100644 --- a/code-of-conduct.md +++ b/code-of-conduct.md @@ -1,3 +1,15 @@ +--- +weight: 505 +toc: true +title: Code of Conduct +menu: + docs: + parent: community +lead: "" +images: [] +draft: false +--- + ## Community Code of Conduct ### Contributor Code of Conduct @@ -36,5 +48,5 @@ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a project maintainer listed in the MAINTAINERS.md file. This Code of Conduct is adapted from the Contributor Covenant -(http://contributor-covenant.org), version 1.2.0, available at -http://contributor-covenant.org/version/1/2/0/ +(https://www.contributor-covenant.org), version 1.2.0, available at +https://www.contributor-covenant.org/version/1/2/0/ diff --git a/example/admission-webhook/deployment.yaml b/example/admission-webhook/deployment.yaml index 785f6b3b2c6..b73d7207ffa 100644 --- a/example/admission-webhook/deployment.yaml +++ b/example/admission-webhook/deployment.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: @@ -20,7 +20,7 @@ spec: kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 spec: affinity: podAntiAffinity: @@ -37,7 +37,7 @@ spec: - --web.enable-tls=true - --web.cert-file=/etc/tls/private/tls.crt - --web.key-file=/etc/tls/private/tls.key - image: quay.io/prometheus-operator/admission-webhook:v0.75.2 + image: quay.io/prometheus-operator/admission-webhook:v0.78.2 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 diff --git a/example/admission-webhook/pod-disruption-budget.yaml b/example/admission-webhook/pod-disruption-budget.yaml index d74464f2cc3..43cfbd97d90 100644 --- a/example/admission-webhook/pod-disruption-budget.yaml +++ b/example/admission-webhook/pod-disruption-budget.yaml @@ -3,7 +3,7 @@ kind: PodDisruptionBudget metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: diff --git a/example/admission-webhook/service-account.yaml b/example/admission-webhook/service-account.yaml index 4cc7c8ba074..d34c8c63a9b 100644 --- a/example/admission-webhook/service-account.yaml +++ b/example/admission-webhook/service-account.yaml @@ -4,6 +4,6 @@ kind: ServiceAccount metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default diff --git a/example/admission-webhook/service-monitor.yaml b/example/admission-webhook/service-monitor.yaml index 43d593346bc..2a3830e099b 100644 --- a/example/admission-webhook/service-monitor.yaml +++ b/example/admission-webhook/service-monitor.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: @@ -13,4 +13,4 @@ spec: selector: matchLabels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 diff --git a/example/admission-webhook/service.yaml b/example/admission-webhook/service.yaml index 570fed0cef7..02b9764e1a4 100644 --- a/example/admission-webhook/service.yaml +++ b/example/admission-webhook/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator-admission-webhook namespace: default spec: diff --git a/example/alertmanager-crd-conversion/patch.json b/example/alertmanager-crd-conversion/patch.json index 7bf23a9918f..fdf91f3a156 100644 --- a/example/alertmanager-crd-conversion/patch.json +++ b/example/alertmanager-crd-conversion/patch.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "alertmanagerconfigs.monitoring.coreos.com" }, diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml index ad27b2ad93f..aada216f6cf 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -44,9 +44,12 @@ spec: type: object spec: description: |- - AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. - By definition, the Alertmanager configuration only applies to alerts for which - the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + AlertmanagerConfigSpec is a specification of the desired behavior of the + Alertmanager configuration. + By default, the Alertmanager configuration only applies to alerts for which + the `namespace` label is equal to the namespace of the AlertmanagerConfig + resource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the + Alertmanager CRD). properties: inhibitRules: description: |- @@ -211,6 +214,8 @@ spec: type: array type: object type: array + required: + - name type: object type: array receivers: @@ -242,9 +247,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -278,9 +281,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -294,10 +295,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -322,9 +321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -350,9 +347,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -381,9 +376,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -397,6 +390,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -420,9 +421,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -448,9 +447,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -477,9 +474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -496,12 +491,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -512,8 +733,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -536,9 +806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -564,9 +832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -595,9 +861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -623,9 +887,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -654,9 +916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -666,6 +926,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -710,9 +992,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -739,9 +1019,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -818,9 +1096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -845,9 +1121,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -876,9 +1150,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -903,9 +1175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -934,9 +1204,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -946,6 +1214,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -988,9 +1278,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1004,10 +1292,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1032,9 +1318,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1060,9 +1344,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1091,9 +1373,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1107,6 +1387,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1130,9 +1418,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1158,9 +1444,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1187,9 +1471,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1206,12 +1488,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1222,8 +1730,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1246,9 +1803,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1274,9 +1829,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1305,9 +1858,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1333,9 +1884,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1364,9 +1913,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1376,6 +1923,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -1410,9 +1979,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1459,9 +2026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1523,9 +2088,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1539,10 +2102,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1567,9 +2128,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1595,9 +2154,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1626,9 +2183,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1642,6 +2197,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1665,9 +2228,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1693,9 +2254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1722,9 +2281,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1741,24 +2298,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 type: string required: - clientId - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1781,9 +2613,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1809,9 +2639,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1840,9 +2668,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1868,9 +2694,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1899,9 +2723,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1911,6 +2733,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2036,9 +2880,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2052,10 +2894,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2080,9 +2920,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2108,9 +2946,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2139,9 +2975,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2155,6 +2989,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2178,9 +3020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2206,9 +3046,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2235,9 +3073,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2254,12 +3090,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2270,8 +3332,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2294,9 +3405,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2322,9 +3431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2353,9 +3460,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2381,9 +3486,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2412,9 +3515,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2424,6 +3525,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2485,9 +3608,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2519,9 +3640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2587,9 +3706,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2603,10 +3720,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2631,9 +3746,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2659,9 +3772,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2690,9 +3801,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2706,6 +3815,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2729,9 +3846,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2757,9 +3872,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2786,9 +3899,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2805,24 +3916,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: - - clientId - - clientSecret - - tokenUrl + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2845,9 +4231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2873,9 +4257,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2904,9 +4286,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2932,9 +4312,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2963,9 +4341,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2975,6 +4351,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3022,9 +4420,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3070,9 +4466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3163,9 +4557,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3234,9 +4626,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3250,10 +4640,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3278,9 +4666,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3306,9 +4692,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3337,9 +4721,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3353,6 +4735,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3376,9 +4766,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3404,9 +4792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3433,9 +4819,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3452,12 +4836,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3468,8 +5078,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3492,9 +5151,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3520,9 +5177,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3551,9 +5206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3579,9 +5232,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3610,9 +5261,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3622,6 +5271,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3700,9 +5371,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3716,10 +5385,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3744,9 +5411,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3772,9 +5437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3803,9 +5466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3819,6 +5480,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3842,9 +5511,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3870,9 +5537,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3899,9 +5564,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3918,24 +5581,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: - - clientId + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3958,9 +5896,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3986,9 +5922,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4017,9 +5951,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4045,9 +5977,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4076,9 +6006,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4088,6 +6016,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4125,9 +6075,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4165,9 +6113,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4212,7 +6158,6 @@ spec: The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. properties: key: @@ -4226,9 +6171,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4243,7 +6186,6 @@ spec: File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. type: string chatID: @@ -4277,9 +6219,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4293,10 +6233,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4321,9 +6259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4349,9 +6285,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4380,9 +6314,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4396,6 +6328,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4419,9 +6359,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4447,9 +6385,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4476,9 +6412,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4495,12 +6429,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4511,8 +6671,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -4535,9 +6744,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4563,9 +6770,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4594,9 +6799,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4622,9 +6825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4653,9 +6854,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4665,6 +6864,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4684,6 +6905,8 @@ spec: sendResolved: description: Whether to notify about resolved alerts. type: boolean + required: + - chatID type: object type: array victoropsConfigs: @@ -4710,9 +6933,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4769,9 +6990,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4785,10 +7004,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4813,9 +7030,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4841,9 +7056,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4872,9 +7085,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4888,6 +7099,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4911,9 +7130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4939,9 +7156,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4968,9 +7183,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4987,24 +7200,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: - clientId - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5027,9 +7515,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5055,9 +7541,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5086,9 +7570,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5114,9 +7596,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5145,9 +7625,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5157,6 +7635,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5222,9 +7722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5238,10 +7736,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5266,9 +7762,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5294,9 +7788,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5325,9 +7817,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5341,6 +7831,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5364,9 +7862,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5392,9 +7888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5421,9 +7915,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5440,12 +7932,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5456,8 +8174,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5480,9 +8247,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5508,9 +8273,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5539,9 +8302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5567,9 +8328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5598,9 +8357,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5610,6 +8367,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5662,9 +8441,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5678,10 +8455,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5706,9 +8481,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5734,9 +8507,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5765,9 +8536,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5781,6 +8550,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5804,9 +8581,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5832,9 +8607,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5861,9 +8634,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5880,12 +8651,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5896,8 +8893,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5920,9 +8966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5948,9 +8992,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5979,9 +9021,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6007,9 +9047,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6038,9 +9076,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6050,6 +9086,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -6089,9 +9147,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6129,9 +9185,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6171,9 +9225,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6187,10 +9239,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6215,9 +9265,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6243,9 +9291,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6274,9 +9320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -6290,6 +9334,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -6313,9 +9365,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6341,9 +9391,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6370,9 +9418,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6382,31 +9428,306 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -6429,9 +9750,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6457,9 +9776,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6488,9 +9805,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6516,9 +9831,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6547,9 +9860,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6559,6 +9870,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -6699,8 +10032,9 @@ spec: schema: openAPIV3Schema: description: |- - AlertmanagerConfig configures the Prometheus Alertmanager, - specifying how alerts should be grouped, inhibited and notified to external systems. + The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules. + + `Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -6832,9 +10166,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6868,9 +10200,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6884,10 +10214,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6912,9 +10240,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6940,9 +10266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6978,6 +10302,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -7001,9 +10333,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7029,9 +10359,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7058,9 +10386,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7077,12 +10403,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -7093,8 +10645,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -7117,9 +10718,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7145,9 +10744,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7176,9 +10773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7204,9 +10799,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7235,9 +10828,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7247,6 +10838,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -7262,6 +10875,8 @@ spec: title: description: The template of the message's title. type: string + required: + - apiURL type: object type: array emailConfigs: @@ -7379,9 +10994,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7406,9 +11019,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7437,9 +11048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7464,9 +11073,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7495,9 +11102,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7507,6 +11112,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -7549,9 +11176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7565,10 +11190,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -7593,9 +11216,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7621,9 +11242,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7659,6 +11278,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -7682,9 +11309,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7710,9 +11335,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7739,9 +11362,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7758,12 +11379,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -7774,8 +11621,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -7798,9 +11694,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7826,9 +11720,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7857,9 +11749,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7885,9 +11775,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7916,9 +11804,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7928,6 +11814,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -7962,9 +11870,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8066,9 +11972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8082,10 +11986,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -8110,9 +12012,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8138,9 +12038,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8176,6 +12074,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -8199,9 +12105,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8227,9 +12131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8256,9 +12158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8275,12 +12175,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -8291,8 +12417,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -8315,9 +12490,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8343,9 +12516,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8374,9 +12545,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8402,9 +12571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8433,9 +12600,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8445,6 +12610,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -8571,9 +12758,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8587,10 +12772,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -8615,9 +12798,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8643,9 +12824,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8681,6 +12860,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -8704,9 +12891,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8732,9 +12917,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8745,10 +12928,286 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. properties: key: description: The key of the secret to select @@ -8761,9 +13220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8773,31 +13230,30 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -8820,9 +13276,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8848,9 +13302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8879,9 +13331,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8907,9 +13357,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8938,9 +13386,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8950,6 +13396,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -9095,9 +13563,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9111,10 +13577,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -9139,9 +13603,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9167,9 +13629,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9205,6 +13665,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -9228,9 +13696,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9256,9 +13722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9285,9 +13749,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9304,12 +13766,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -9320,8 +14008,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -9344,9 +14081,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9372,9 +14107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9403,9 +14136,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9431,9 +14162,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9462,9 +14191,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9474,6 +14201,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -9706,9 +14455,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9722,10 +14469,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -9750,9 +14495,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9778,9 +14521,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9816,6 +14557,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -9839,9 +14588,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9867,9 +14614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9896,9 +14641,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9915,12 +14658,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -9931,8 +14900,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -9955,9 +14973,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9983,9 +14999,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10014,9 +15028,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10042,9 +15054,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10073,9 +15083,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10085,6 +15093,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -10163,9 +15193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10179,10 +15207,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -10207,9 +15233,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10235,9 +15259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10273,6 +15295,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -10296,9 +15326,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10324,9 +15352,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10353,9 +15379,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10372,12 +15396,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -10388,8 +15638,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -10412,9 +15711,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10440,9 +15737,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10471,9 +15766,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10499,9 +15792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10530,9 +15821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10542,6 +15831,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -10579,9 +15890,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -10619,9 +15928,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -10666,7 +15973,6 @@ spec: The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. properties: key: @@ -10688,7 +15994,6 @@ spec: File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. type: string chatID: @@ -10722,9 +16027,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10738,10 +16041,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -10766,9 +16067,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10794,9 +16093,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10832,6 +16129,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -10855,9 +16160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10883,9 +16186,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -10912,9 +16213,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -10924,31 +16223,306 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -10971,9 +16545,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -10999,9 +16571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11030,9 +16600,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11058,9 +16626,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11089,9 +16655,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11101,6 +16665,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -11120,6 +16706,8 @@ spec: sendResolved: description: Whether to notify about resolved alerts. type: boolean + required: + - chatID type: object type: array victoropsConfigs: @@ -11196,9 +16784,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11212,10 +16798,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -11240,9 +16824,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11268,9 +16850,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11306,6 +16886,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -11329,9 +16917,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11357,9 +16943,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11386,9 +16970,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11405,12 +16987,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -11421,8 +17229,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -11445,9 +17302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11473,9 +17328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11504,9 +17357,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11532,9 +17383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11563,9 +17412,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11575,6 +17422,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -11638,9 +17507,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11654,10 +17521,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -11682,9 +17547,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11710,9 +17573,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11748,6 +17609,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -11771,9 +17640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11799,9 +17666,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11828,9 +17693,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -11847,12 +17710,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -11863,8 +17952,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -11887,9 +18025,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11915,9 +18051,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -11946,9 +18080,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -11974,9 +18106,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12005,9 +18135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12017,6 +18145,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -12069,9 +18219,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12085,10 +18233,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -12113,9 +18259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12141,9 +18285,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12179,6 +18321,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -12202,9 +18352,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12230,9 +18378,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12259,9 +18405,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12278,12 +18422,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -12294,8 +18664,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -12318,9 +18737,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12346,9 +18763,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12377,9 +18792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12405,9 +18818,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12436,9 +18847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12448,6 +18857,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -12551,9 +18982,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12567,10 +18996,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -12595,9 +19022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12623,9 +19048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12661,6 +19084,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -12684,9 +19115,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12712,9 +19141,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12741,9 +19168,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12760,12 +19185,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -12776,8 +19427,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -12800,9 +19500,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12828,9 +19526,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12859,9 +19555,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -12887,9 +19581,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -12918,9 +19610,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -12930,6 +19620,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -13133,6 +19845,8 @@ spec: type: array type: object type: array + required: + - name type: object type: array type: object diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml index 274d33dafd9..6d17315b1c0 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -48,7 +48,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. + description: |- + The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. + + For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. + + The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. properties: apiVersion: description: |- @@ -362,7 +367,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -377,7 +382,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -543,7 +548,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -558,7 +563,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -721,7 +726,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -736,7 +741,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -902,7 +907,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -917,7 +922,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1000,15 +1005,17 @@ spec: type: object alertmanagerConfigMatcherStrategy: description: |- - The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. - In the future more options may be added. + AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + process incoming alerts. properties: type: default: OnNamespace description: |- - If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. - `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. - Default is `OnNamespace`. + AlertmanagerConfigMatcherStrategyType defines the strategy used by + AlertmanagerConfig objects to match alerts in the routes and inhibition + rules. + + The default value is `OnNamespace`. enum: - OnNamespace - None @@ -1113,10 +1120,8 @@ spec: description: |- alertmanagerConfiguration specifies the configuration of Alertmanager. - If defined, it takes precedence over the `configSecret` field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -1147,9 +1152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1163,10 +1166,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1191,9 +1192,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1219,9 +1218,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1250,9 +1247,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1266,6 +1261,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1289,9 +1292,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1316,9 +1317,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1345,9 +1344,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1364,12 +1361,236 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1380,8 +1601,51 @@ spec: - clientSecret - tokenUrl type: object - proxyURL: - description: Optional proxy URL. + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a + Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1404,9 +1668,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1431,9 +1693,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1462,9 +1722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1489,9 +1747,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1520,9 +1776,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1532,6 +1786,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -1551,9 +1827,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1577,9 +1851,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1613,9 +1885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1645,9 +1915,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1671,9 +1939,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1746,9 +2012,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -1772,9 +2036,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1835,13 +2097,11 @@ spec: Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. - The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. - If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications). @@ -1929,9 +2189,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1997,9 +2255,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2039,9 +2295,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -2063,9 +2317,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -2350,11 +2602,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2562,11 +2814,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2714,11 +2966,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2729,6 +2979,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2852,7 +3108,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2934,7 +3190,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3015,11 +3270,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3233,10 +3488,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -3244,11 +3497,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -3282,6 +3533,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. @@ -3289,7 +3594,6 @@ spec: scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - It requires Alertmanager >= 0.27.0. items: type: string @@ -3362,9 +3666,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3453,9 +3755,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -3521,9 +3821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3563,9 +3861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3587,9 +3883,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3874,11 +4168,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4086,11 +4380,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4238,11 +4532,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4253,6 +4545,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4376,7 +4674,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -4458,7 +4756,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4539,11 +4836,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4757,10 +5054,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4768,11 +5063,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4850,7 +5143,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. - The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. @@ -4911,11 +5203,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4926,6 +5216,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -5015,12 +5311,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -5107,7 +5401,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -5117,18 +5410,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -5247,7 +5550,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -5257,11 +5559,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -5464,7 +5764,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5720,7 +6020,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5758,8 +6058,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -5778,12 +6078,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5803,21 +6103,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5862,8 +6162,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -5877,13 +6185,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -6024,7 +6332,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -6064,7 +6371,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6082,7 +6388,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6094,7 +6399,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6177,10 +6481,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -6188,11 +6490,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -6233,7 +6533,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6273,6 +6572,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -6285,6 +6585,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6352,9 +6653,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6396,9 +6695,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6470,9 +6767,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -6511,9 +6806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6650,7 +6943,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6661,17 +6953,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6685,7 +6974,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6695,11 +6983,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -6902,7 +7188,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -6928,7 +7214,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -6996,9 +7281,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7032,7 +7315,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7113,9 +7395,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -7132,6 +7411,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -7152,7 +7466,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -7164,6 +7477,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -7196,9 +7510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7315,24 +7627,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -7466,9 +7778,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -7606,9 +7916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -7698,7 +8006,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7706,6 +8013,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7720,6 +8028,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7745,13 +8054,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7766,6 +8074,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7797,9 +8106,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7808,6 +8115,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7921,9 +8229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8059,9 +8365,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8085,9 +8389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8098,6 +8400,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -8124,9 +8431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8150,9 +8455,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8169,6 +8472,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -8177,6 +8485,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -8191,9 +8504,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8218,9 +8529,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -8290,6 +8598,10 @@ spec: object (their labels match the selector). format: int32 type: integer + selector: + description: The selector used to match the pods targeted by this + Alertmanager object. + type: string unavailableReplicas: description: Total number of unavailable pods targeted by this Alertmanager object. @@ -8314,4 +8626,8 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas status: {} diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml index 75fecd6e63a..9340b2c5d47 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21,7 +21,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. + description: |- + The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. + Among other things, it allows to specify: + * The pods to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -49,13 +57,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - - It requires Prometheus >= v2.37.0. + It requires Prometheus >= v2.35.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -63,7 +73,6 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string @@ -73,12 +82,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `/`). type: string @@ -87,7 +94,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -95,7 +101,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -103,7 +108,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -111,14 +115,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Pods` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -131,8 +134,25 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podMetricsEndpoints: - description: List of endpoints part of this PodMonitor. + description: Defines how to scrape metrics from the selected pods. items: description: |- PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -143,7 +163,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -161,9 +180,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -177,10 +194,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -189,7 +204,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -208,9 +222,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -236,9 +248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -255,7 +265,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -269,9 +278,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -290,10 +297,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -315,7 +320,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -328,7 +332,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -336,11 +339,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -370,7 +371,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -383,7 +383,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -406,11 +405,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -419,10 +416,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -444,9 +439,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -470,9 +463,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -499,9 +490,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -518,12 +507,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -545,14 +754,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Pod port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -565,20 +772,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -586,11 +789,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -620,7 +821,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -633,7 +833,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -656,11 +855,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -669,11 +866,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -683,7 +878,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -696,7 +890,6 @@ spec: Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. - Deprecated: use 'port' instead. x-kubernetes-int-or-string: true tlsConfig: @@ -720,9 +913,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -746,9 +937,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -776,9 +965,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -802,9 +989,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -833,9 +1018,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -845,6 +1028,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -855,7 +1060,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -877,15 +1081,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -904,7 +1111,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Pod` objects. + description: Label selector to select the Kubernetes `Pod` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml index 22c3256038e..d52ead5fd9b 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21,7 +21,14 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. + description: |- + The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). + + The `Probe` resource needs 2 pieces of information: + * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. + * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. + + `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -62,9 +69,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -78,10 +83,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -106,9 +109,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -134,9 +135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -164,9 +163,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -189,7 +186,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -218,7 +214,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -226,11 +221,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -260,7 +253,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -273,7 +265,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -295,11 +286,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -310,6 +299,23 @@ spec: Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true oauth2: description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. @@ -332,9 +338,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -358,9 +362,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -387,9 +389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -406,12 +406,228 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -460,15 +676,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -535,7 +754,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -543,11 +761,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -577,7 +793,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -590,7 +805,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -613,11 +827,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -692,7 +904,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -700,11 +911,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -734,7 +943,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -747,7 +955,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -770,11 +977,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -806,9 +1011,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -832,9 +1035,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -861,9 +1062,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -887,9 +1086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -917,9 +1114,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -929,6 +1124,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml index 9bcd7efa5ab..1665f22dd7f 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -48,7 +48,10 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: PrometheusAgent defines a Prometheus agent deployment. + description: |- + The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. + + The CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar. properties: apiVersion: description: |- @@ -76,13 +79,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -126,9 +127,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -421,7 +420,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -436,7 +435,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -602,7 +601,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -617,7 +616,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -780,7 +779,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -795,7 +794,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -961,7 +960,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -976,7 +975,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1069,7 +1068,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1088,9 +1086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1108,10 +1104,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1119,7 +1113,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1139,9 +1132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1167,9 +1158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1185,17 +1174,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -1224,9 +1210,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1250,9 +1234,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1284,9 +1266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1310,9 +1290,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1349,9 +1327,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1361,6 +1337,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -1389,7 +1387,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -1398,7 +1395,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -1421,13 +1417,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -1504,9 +1498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1572,9 +1564,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1614,9 +1604,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -1638,9 +1626,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -1925,11 +1911,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2137,11 +2123,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2289,11 +2275,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2304,6 +2288,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2427,7 +2417,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2509,7 +2499,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -2590,11 +2579,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2808,10 +2797,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -2819,11 +2806,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -2857,16 +2842,68 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -2878,14 +2915,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -2895,10 +2930,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -2914,10 +2947,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -2932,10 +2963,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -2950,10 +2979,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -2968,10 +2995,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -2983,16 +3008,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -3005,11 +3027,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -3024,11 +3044,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -3041,7 +3059,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -3122,13 +3139,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -3142,11 +3158,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -3178,9 +3192,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3196,11 +3208,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -3277,9 +3287,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -3345,9 +3353,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3387,9 +3393,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3411,9 +3415,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3698,11 +3700,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3910,11 +3912,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4062,11 +4064,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4077,6 +4077,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4200,7 +4206,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -4282,7 +4288,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4363,11 +4368,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4581,10 +4586,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4592,11 +4595,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4635,10 +4636,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -4648,7 +4647,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -4658,7 +4656,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -4668,7 +4665,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -4708,7 +4704,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -4718,7 +4713,6 @@ spec: Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect. - (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: - StatefulSet @@ -4729,6 +4723,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -4775,7 +4784,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -4868,7 +4876,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -4991,7 +4998,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5050,7 +5056,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string reloadStrategy: @@ -5072,10 +5077,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -5093,9 +5096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5113,10 +5114,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5124,10 +5123,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -5154,7 +5151,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -5179,9 +5175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5209,7 +5203,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -5224,7 +5217,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -5243,9 +5235,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5271,9 +5261,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5289,14 +5277,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -5306,7 +5292,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -5316,9 +5301,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -5338,7 +5340,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -5347,17 +5348,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -5379,9 +5377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5405,9 +5401,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5434,9 +5428,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5453,12 +5445,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5485,9 +5697,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5502,24 +5712,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -5565,7 +5768,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -5583,10 +5785,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -5594,17 +5795,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -5623,9 +5821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5661,9 +5857,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5695,9 +5889,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5721,9 +5913,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5755,9 +5945,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5781,9 +5969,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5820,9 +6006,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5832,12 +6016,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -5846,7 +6053,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -5854,11 +6060,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -5888,7 +6092,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -5901,7 +6104,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -5924,11 +6126,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -5937,13 +6137,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -5952,7 +6165,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -5965,11 +6177,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5980,6 +6190,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -6016,7 +6232,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -6027,7 +6242,6 @@ spec: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -6037,36 +6251,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -6074,11 +6298,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -6108,7 +6330,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -6121,7 +6342,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -6144,11 +6364,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -6161,20 +6379,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -6182,11 +6397,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -6216,7 +6429,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -6229,7 +6441,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -6252,11 +6463,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -6267,7 +6476,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -6288,9 +6496,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6314,9 +6520,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6348,9 +6552,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6374,9 +6576,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6413,9 +6613,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6425,6 +6623,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6442,7 +6662,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -6493,7 +6712,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -6503,7 +6721,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -6554,7 +6771,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -6563,10 +6779,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -6598,6 +6812,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -6632,12 +6847,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -6724,7 +6937,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -6734,18 +6946,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -6804,6 +7026,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -6858,7 +7091,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -6916,18 +7148,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -6982,7 +7211,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6992,11 +7220,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -7199,7 +7425,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7455,7 +7681,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7493,8 +7719,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -7513,12 +7739,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7538,21 +7764,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7597,8 +7823,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -7612,13 +7846,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -7653,7 +7887,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -7768,7 +8001,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -7808,7 +8040,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -7826,7 +8057,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -7838,7 +8068,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -7886,7 +8115,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -7951,9 +8179,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7977,9 +8203,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8011,9 +8235,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8037,9 +8259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8076,9 +8296,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8088,6 +8306,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -8095,12 +8335,31 @@ spec: required: - endpoint type: object + tsdb: + description: |- + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + properties: + outOfOrderTimeWindow: + description: |- + Configures how old an out-of-order/out-of-bounds sample can be with + respect to the TSDB max time. + + An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object version: description: |- Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -8109,7 +8368,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -8143,10 +8401,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -8154,11 +8410,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -8199,7 +8453,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -8239,6 +8492,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -8251,6 +8505,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -8318,9 +8573,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8362,9 +8615,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8436,9 +8687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -8477,9 +8726,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8616,7 +8863,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -8627,17 +8873,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -8651,7 +8894,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -8661,11 +8903,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -8868,7 +9108,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8894,7 +9134,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -8962,9 +9201,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8998,7 +9235,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -9079,9 +9315,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -9098,6 +9331,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -9118,7 +9386,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -9130,6 +9397,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -9162,9 +9430,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9281,24 +9547,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -9432,9 +9698,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -9572,9 +9836,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -9664,7 +9926,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -9672,6 +9933,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -9686,6 +9948,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -9711,13 +9974,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -9732,6 +9994,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -9763,9 +10026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9774,6 +10035,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -9887,9 +10149,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9941,10 +10201,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -10033,9 +10291,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10059,9 +10315,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10072,6 +10326,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -10098,9 +10357,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10124,9 +10381,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10143,6 +10398,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -10151,6 +10411,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -10165,9 +10430,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10192,9 +10455,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml index 3815b125573..27107827526 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -48,7 +48,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. + description: |- + The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. + + For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. + + The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. + + The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. properties: apiVersion: description: |- @@ -80,13 +87,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break @@ -103,9 +107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -122,13 +124,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break @@ -145,9 +144,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -160,13 +157,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -210,9 +205,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -505,7 +498,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -520,7 +513,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -686,7 +679,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -701,7 +694,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -864,7 +857,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -879,7 +872,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1045,7 +1038,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1060,7 +1053,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1145,8 +1138,8 @@ spec: description: Defines the settings related to Alertmanager. properties: alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. + description: Alertmanager endpoints where Prometheus should send + alerts to. items: description: |- AlertmanagerEndpoints defines a selection of a single Endpoints object @@ -1161,7 +1154,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -1169,11 +1161,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -1203,7 +1193,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -1216,7 +1205,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -1239,11 +1227,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -1257,7 +1243,6 @@ spec: description: |- Authorization section for Alertmanager. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. properties: credentials: @@ -1275,9 +1260,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1291,10 +1274,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1302,7 +1283,6 @@ spec: description: |- BasicAuth configuration for Alertmanager. - Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. properties: password: @@ -1321,9 +1301,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1349,9 +1327,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1366,10 +1342,8 @@ spec: description: |- File to read bearer token for Alertmanager. - Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHttp2: @@ -1377,9 +1351,15 @@ spec: type: boolean name: description: Name of the Endpoints object in the namespace. + minLength: 1 type: string namespace: - description: Namespace of the Endpoints object. + description: |- + Namespace of the Endpoints object. + + If not set, the object will be discovered in the namespace of the + Prometheus object. + minLength: 1 type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed @@ -1399,7 +1379,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -1407,11 +1386,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -1441,7 +1418,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -1454,7 +1430,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -1477,11 +1452,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -1493,10 +1466,8 @@ spec: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.48.0. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. properties: accessKey: @@ -1515,9 +1486,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1555,9 +1524,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1594,9 +1561,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1621,9 +1586,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1656,9 +1619,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1683,9 +1644,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1722,9 +1681,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1734,13 +1691,34 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - name - - namespace - port type: object type: array @@ -1752,7 +1730,6 @@ spec: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. - Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. type: boolean apiserverConfig: @@ -1767,7 +1744,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1786,9 +1762,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1806,10 +1780,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1817,7 +1789,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1837,9 +1808,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1865,9 +1834,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1883,17 +1850,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -1922,9 +1886,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1948,9 +1910,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1982,9 +1942,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2008,9 +1966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2047,9 +2003,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2059,6 +2013,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -2087,7 +2063,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -2099,7 +2074,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -2122,13 +2096,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -2205,9 +2177,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2273,9 +2243,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2315,9 +2283,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -2339,9 +2305,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -2626,11 +2590,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2838,11 +2802,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2990,11 +2954,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3005,6 +2967,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3128,7 +3096,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -3210,7 +3178,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3291,11 +3258,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3509,10 +3476,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -3520,11 +3485,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -3561,17 +3524,69 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. - WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. - For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis type: boolean @@ -3579,12 +3594,10 @@ spec: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -3596,14 +3609,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -3613,10 +3624,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -3632,10 +3641,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -3650,10 +3657,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -3668,10 +3673,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -3686,10 +3689,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -3701,16 +3702,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -3723,11 +3721,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -3742,11 +3738,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -3766,7 +3760,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -3812,11 +3805,9 @@ spec: description: |- Maximum number of exemplars stored in memory for all series. - exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. - If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. format: int64 @@ -3866,13 +3857,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -3886,11 +3876,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -3922,9 +3910,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3940,11 +3926,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -4021,9 +4005,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -4089,9 +4071,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4131,9 +4111,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -4155,9 +4133,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -4442,11 +4418,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4654,11 +4630,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4806,11 +4782,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4821,6 +4795,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4944,7 +4924,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -5026,7 +5006,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -5107,11 +5086,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -5325,10 +5304,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5336,11 +5313,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -5379,10 +5354,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -5392,7 +5365,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -5402,7 +5374,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -5412,7 +5383,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -5452,7 +5422,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -5462,6 +5431,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -5508,7 +5492,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -5601,7 +5584,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5724,7 +5706,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5783,7 +5764,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string prometheusRulesExcludedFromEnforce: @@ -5838,7 +5818,6 @@ spec: description: |- queryLogFile specifies where the file to which PromQL queries are logged. - If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. '/var/log/prometheus/query.log', you @@ -5868,10 +5847,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -5889,9 +5866,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5909,10 +5884,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5920,7 +5893,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -5939,9 +5911,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5967,9 +5937,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5985,28 +5953,24 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read the bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string filterExternalLabels: description: |- Whether to use the external labels as selectors for the remote read endpoint. - It requires Prometheus >= v2.34.0. type: boolean followRedirects: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -6023,7 +5987,6 @@ spec: name is used in metrics and logging in order to differentiate read configurations. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -6032,17 +5995,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -6064,9 +6024,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6090,9 +6048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6119,9 +6075,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6138,73 +6092,284 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string readRecent: @@ -6244,9 +6409,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6270,9 +6433,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6304,9 +6465,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6330,9 +6489,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6369,9 +6526,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6381,6 +6536,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6403,10 +6580,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -6424,9 +6599,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6444,10 +6617,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6455,10 +6626,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -6485,7 +6654,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -6510,9 +6678,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6540,7 +6706,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -6555,7 +6720,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -6574,9 +6738,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6602,9 +6764,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6620,14 +6780,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -6637,7 +6795,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -6647,9 +6804,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -6669,7 +6843,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -6678,17 +6851,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -6710,9 +6880,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6721,9 +6889,243 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -6736,9 +7138,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6748,48 +7148,32 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -6816,9 +7200,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6833,24 +7215,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -6896,7 +7271,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -6914,10 +7288,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -6925,17 +7298,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -6954,9 +7324,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6992,9 +7360,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7026,9 +7392,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7052,9 +7416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7086,9 +7448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7112,9 +7472,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7151,9 +7509,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7163,12 +7519,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -7177,7 +7556,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7185,11 +7563,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7219,7 +7595,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7232,7 +7607,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7255,11 +7629,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7268,13 +7640,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -7283,7 +7668,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -7296,11 +7680,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -7311,6 +7693,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -7347,7 +7735,6 @@ spec: description: |- How long to retain the Prometheus data. - Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -7359,7 +7746,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -7414,6 +7800,12 @@ spec: type: object type: object x-kubernetes-map-type: atomic + ruleQueryOffset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + It requires Prometheus >= v2.53.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string ruleSelector: description: |- PrometheusRule objects to be selected for rule evaluation. An empty @@ -7470,14 +7862,12 @@ spec: description: |- Defines the parameters of the Prometheus rules' engine. - Any update to these parameters trigger a restart of the pods. properties: forGracePeriod: description: |- Minimum duration between alert and restored 'for' state. - This is maintained only for alerts with a configured 'for' time greater than the grace period. type: string @@ -7493,12 +7883,23 @@ spec: type: string type: object type: object + runtime: + description: RuntimeConfig configures the values for the Prometheus + process behavior + properties: + goGC: + description: |- + The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + See: https://tip.golang.org/doc/gc-guide#GOGC + format: int32 + minimum: -1 + type: integer + type: object sampleLimit: description: |- SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -7508,36 +7909,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7545,11 +7956,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7579,7 +7988,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7592,7 +8000,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7615,11 +8022,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7632,20 +8037,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7653,11 +8055,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7687,7 +8087,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7700,7 +8099,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7723,11 +8121,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7738,7 +8134,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -7759,9 +8154,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7785,9 +8178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7819,9 +8210,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7845,9 +8234,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7884,9 +8271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7896,6 +8281,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -7913,7 +8320,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -7964,7 +8370,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -7974,7 +8379,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -8025,7 +8429,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -8034,10 +8437,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -8069,6 +8470,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -8103,12 +8505,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -8195,7 +8595,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -8205,18 +8604,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -8275,6 +8684,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -8329,7 +8749,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -8391,18 +8810,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -8457,7 +8873,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -8467,11 +8882,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -8674,7 +9087,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8930,7 +9343,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8968,8 +9381,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -8988,12 +9401,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -9013,21 +9426,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -9072,8 +9485,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -9087,13 +9508,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -9132,7 +9553,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -9172,7 +9592,6 @@ spec: BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. - WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value @@ -9194,14 +9613,12 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the gRPC endpoints. - It has no effect if `listenLocal` is true. type: boolean grpcServerTlsConfig: description: |- Configures the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: @@ -9222,9 +9639,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9248,9 +9663,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9282,9 +9695,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9308,9 +9719,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9347,9 +9756,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -9359,6 +9766,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -9368,7 +9797,6 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the HTTP endpoints. - It has no effect if `listenLocal` is true. type: boolean image: @@ -9377,11 +9805,9 @@ spec: the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` fields. - Specifying `spec.thanos.version` is still necessary to ensure the Prometheus Operator knows which version of Thanos is being configured. - If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, the operator will use the latest upstream version of Thanos available at the time when the operator was released. @@ -9417,10 +9843,8 @@ spec: description: |- Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - objectStorageConfigFile takes precedence over this field. properties: key: @@ -9434,9 +9858,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -9450,10 +9872,8 @@ spec: description: |- Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - This field takes precedence over objectStorageConfig. type: string readyTimeout: @@ -9471,11 +9891,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -9486,6 +9904,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -9530,13 +9954,10 @@ spec: description: |- Defines the tracing configuration for the Thanos sidecar. - `tracingConfigFile` takes precedence over this field. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -9551,9 +9972,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -9567,13 +9986,10 @@ spec: description: |- Defines the tracing configuration file for the Thanos sidecar. - This field takes precedence over `tracingConfig`. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -9582,7 +9998,6 @@ spec: Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released. @@ -9623,10 +10038,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -9634,11 +10047,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -9769,7 +10180,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -9809,7 +10219,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -9827,7 +10236,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -9839,7 +10247,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -9887,7 +10294,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -9952,9 +10358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9978,9 +10382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10012,9 +10414,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10038,9 +10438,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10077,9 +10475,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10089,6 +10485,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -10098,24 +10516,21 @@ spec: type: object tsdb: description: |- - Defines the runtime reloadable configuration of the timeseries database - (TSDB). + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. properties: outOfOrderTimeWindow: description: |- Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. - An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). - This is an *experimental feature*, it may change in any upcoming release in a breaking way. - - It requires Prometheus >= v2.39.0. + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object @@ -10124,7 +10539,6 @@ spec: Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -10133,7 +10547,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -10167,10 +10580,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -10178,11 +10589,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -10223,7 +10632,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -10263,6 +10671,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -10275,6 +10684,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -10342,9 +10752,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10386,9 +10794,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10460,9 +10866,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -10501,9 +10905,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10640,7 +11042,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -10651,17 +11052,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -10675,7 +11073,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -10685,11 +11082,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -10892,7 +11287,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10918,7 +11313,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -10986,9 +11380,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11022,7 +11414,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -11103,9 +11494,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -11122,6 +11510,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -11142,7 +11565,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -11154,6 +11576,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -11186,9 +11609,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11305,24 +11726,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -11456,9 +11877,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -11596,9 +12015,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -11688,7 +12105,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -11696,6 +12112,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -11710,6 +12127,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -11735,13 +12153,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -11756,6 +12173,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -11787,9 +12205,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11798,6 +12214,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -11911,9 +12328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11965,10 +12380,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -12057,9 +12470,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -12083,9 +12494,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -12096,6 +12505,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -12122,9 +12536,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -12148,9 +12560,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -12167,6 +12577,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -12175,6 +12590,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -12189,9 +12609,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12216,9 +12634,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusrules.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusrules.yaml index 403d0c54bff..8afe2009f81 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusrules.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusrules.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21,8 +21,10 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PrometheusRule defines recording and alerting rules for a Prometheus - instance + description: |- + The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. + + `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -72,6 +74,14 @@ spec: More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response pattern: ^(?i)(abort|warn)?$ type: string + query_offset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + + It requires Prometheus >= v2.53.0. + It is not supported for ThanosRuler. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string rules: description: List of alerting and recording rules. items: diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml index 9145216b76b..b1fa65a5715 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46,21 +46,192 @@ spec: description: ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration. properties: - NomadSDConfigs: - description: NomadSDConfigs defines a list of Nomad service discovery + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace that contains + the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureSDConfigs: + description: AzureSDConfigs defines a list of Azure service discovery configurations. items: description: |- - NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config + AzureSDConfig allow retrieving scrape targets from Azure VMs. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config + properties: + authenticationMethod: + description: |- + # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. + See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + SDK authentication method uses environment variables by default. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + enum: + - OAuth + - ManagedIdentity + - SDK + type: string + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. + type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + environment: + description: The Azure environment. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + type: integer + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resourceGroup: + description: Optional resource group name. Limits discovery + to this resource group. + type: string + subscriptionID: + description: The subscription ID. Always required. + minLength: 1 + type: string + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. + type: string + required: + - subscriptionID + type: object + type: array + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. + items: + description: |- + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: allowStale: description: |- - The information to access the Nomad API. It is to be defined - as the Nomad documentation requires. + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. type: boolean authorization: - description: Authorization header to use on every scrape request. + description: Authorization header configuration to authenticate + against the Consul Server. properties: credentials: description: Selects a key of a Secret in the namespace @@ -77,9 +248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -93,15 +262,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints properties: password: description: |- @@ -119,9 +288,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -147,9 +314,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -160,14 +325,22 @@ spec: type: object x-kubernetes-map-type: atomic type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean namespace: + description: Namespaces are only supported in Consul Enterprise. type: string noProxy: description: |- @@ -175,13 +348,17 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: Node metadata key/value pairs to filter nodes for + a given service. + type: object + x-kubernetes-map-type: atomic oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + description: Optional OAuth 2.0 configuration. properties: clientId: description: |- @@ -202,9 +379,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -228,9 +403,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -257,9 +430,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -276,22 +447,245 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 type: string required: - clientId - clientSecret - tokenUrl type: object + partition: + description: Admin Partitions are only supported in Consul Enterprise. + type: string proxyConnectHeader: additionalProperties: items: @@ -308,9 +702,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -325,42 +717,58 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: description: |- - Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. - Supported units: y, w, d, h, m, s, ms - Examples: `30s`, `1m`, `1h20m15s`, `15d` + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS type: string server: + description: A valid string consisting of a hostname or IP followed + by an optional port number. minLength: 1 type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: atomic tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. type: string + tags: + description: An optional list of tags used to filter nodes for + a given service. Services must contain all tags in the list. + items: + type: string + type: array + x-kubernetes-list-type: atomic tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS Config properties: ca: description: Certificate authority used when verifying server @@ -380,9 +788,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -406,9 +812,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -436,9 +840,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -462,9 +864,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -493,9 +893,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -505,81 +903,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server - type: object - type: array - authorization: - description: Authorization header to use on every scrape request. - properties: - credentials: - description: Selects a key of a Secret in the namespace that contains - the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" - type: string - type: object - azureSDConfigs: - description: AzureSDConfigs defines a list of Azure service discovery - configurations. - items: - description: |- - AzureSDConfig allow retrieving scrape targets from Azure VMs. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config - properties: - authenticationMethod: - description: |- - # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. - See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - SDK authentication method uses environment variables by default. - See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication - enum: - - OAuth - - ManagedIdentity - - SDK - type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. properties: key: description: The key of the secret to select from. Must @@ -592,9 +944,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -604,111 +954,23 @@ spec: - key type: object x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string required: - - subscriptionID + - server type: object type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: - allowStale: + authorization: description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean - authorization: - description: Authorization header configuration to authenticate - against the Consul Server. + Authorization header configuration to authenticate against the DigitalOcean API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -725,9 +987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -741,110 +1001,30 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the Consul Server. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. - type: string enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: Namespaces are only supported in Consul Enterprise. - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: Node metadata key/value pairs to filter nodes for - a given service. - type: object - x-kubernetes-map-type: atomic oauth2: - description: Optional OAuth 2.0 configuration. + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -865,9 +1045,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -891,9 +1069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -920,9 +1096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -939,12 +1113,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -955,9 +1349,9 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - type: string + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -974,9 +1368,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -991,65 +1383,25 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS - type: string - server: - description: A valid string consisting of a hostname or IP followed - by an optional port number. - minLength: 1 - type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. - type: string - tags: - description: An optional list of tags used to filter nodes for - a given service. Services must contain all tags in the list. - items: - type: string - type: array - x-kubernetes-list-type: atomic tlsConfig: - description: TLS Config + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -1069,9 +1421,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1095,9 +1445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1125,9 +1473,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1151,9 +1497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1182,9 +1526,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1194,53 +1536,95 @@ spec: - key type: object x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic - required: - - server type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string + required: + - names + type: object + type: array + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. + items: + description: |- + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. + Authorization header configuration to authenticate against the Docker API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -1258,9 +1642,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1274,28 +1656,121 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean + filters: + description: Optional filters to limit the discovery process + to a subset of the available resources. + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + host: + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. + type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -1321,9 +1796,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1347,9 +1820,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1376,9 +1847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1395,12 +1864,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1430,9 +2119,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1447,28 +2134,21 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -1492,9 +2172,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1518,9 +2196,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1548,9 +2224,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1574,9 +2248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1605,9 +2277,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1617,70 +2287,47 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object + required: + - host type: object type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - - When set to NS, It requires Prometheus >= 2.49.0. - enum: - - SRV - - A - - AAAA - - MX - - NS - type: string - required: - - names - type: object - type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. - items: - description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the Docker API. - Cannot be set at the same time as `oauth2`. + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: credentials: description: Selects a key of a Secret in the namespace @@ -1697,9 +2344,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1713,15 +2358,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: Optional HTTP basic authentication information. properties: password: description: |- @@ -1739,9 +2382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1767,9 +2408,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1784,34 +2423,43 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. + description: |- + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: - description: DockerFilter is the configuration to limit the - discovery process to a subset of available resources. + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. properties: name: + description: Name of the Filter. type: string values: + description: Value to filter on. items: + minLength: 1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set required: - name - values type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ type: string noProxy: description: |- @@ -1819,13 +2467,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -1846,9 +2493,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1872,9 +2517,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1901,9 +2544,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1920,12 +2561,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1937,7 +2798,12 @@ spec: - tokenUrl type: object port: - description: The port to scrape metrics from. + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -1955,9 +2821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1972,32 +2836,34 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: The time after which the service discovery data + is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -2017,9 +2883,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2043,9 +2907,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2073,9 +2935,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2099,9 +2959,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2130,9 +2988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2142,29 +2998,1148 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - host + - role type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. properties: - authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + accessKey: + description: AccessKey is the AWS API key. properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Refresh interval to re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: The URL to connect to the Eureka server. + minLength: 1 + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - server + type: object + type: array + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config + + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery + configurations. + items: + description: |- + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + properties: + authorization: + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -2177,9 +4152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2193,15 +4166,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -2219,9 +4192,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2247,9 +4218,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2263,54 +4232,22 @@ spec: enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList - items: - description: Filter is the configuration to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name is the key of the field to check against. - type: string - values: - description: Values is the value or set of values to check - for a match. - items: - type: string - minItems: 1 - type: array - required: - - name - - values - type: object - type: array followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -2331,9 +4268,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2357,9 +4292,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2386,9 +4319,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2405,12 +4336,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2422,12 +4573,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -2445,9 +4591,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2462,41 +4606,33 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. + description: The Hetzner role of entities that should be discovered. enum: - - Services - - Tasks - - Nodes + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -2516,9 +4652,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2542,9 +4676,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2572,9 +4704,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2598,9 +4728,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2629,9 +4757,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2641,137 +4767,56 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - host - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. - items: - description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - filters: - description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - items: - description: EC2Filter is the configuration for filtering - EC2 instances. - properties: - name: - type: string - values: - items: - type: string - type: array - required: - - name - - values - type: object - type: array - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - region: - description: The AWS region - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. - type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: array - enableCompression: - description: |- - When false, Prometheus will request uncompressed response from the scraped target. - - - It requires Prometheus >= v2.49.0. - - - If unset, Prometheus uses true by default. + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -2788,9 +4833,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2804,15 +4847,16 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -2830,9 +4874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2858,9 +4900,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2884,13 +4924,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -2911,20 +4950,252 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -2937,9 +5208,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2949,48 +5218,32 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3017,9 +5270,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3034,34 +5285,25 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 - type: string tlsConfig: description: TLS configuration applying to the target HTTP endpoint. properties: @@ -3083,9 +5325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3109,9 +5349,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3139,9 +5377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3165,9 +5401,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3196,9 +5430,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3208,111 +5440,52 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server - type: object - type: array - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. + url: + description: URL from which the targets are fetched. minLength: 1 + pattern: ^http(s)?://.+$ type: string required: - - project - - zone + - url type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -3329,9 +5502,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3345,50 +5516,40 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string + enableHTTP2: + description: Configure whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. + type: boolean + noProxy: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: Port to scrape the metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -3401,9 +5562,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3413,32 +5572,35 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ type: string - oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + refreshInterval: + description: Refresh interval to re-read the list of resources. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration to use when connecting to the + IONOS API. properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -3454,9 +5616,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3480,9 +5640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3493,10 +5651,64 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. properties: key: description: The key of the secret to select from. Must @@ -3509,9 +5721,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3521,36 +5731,93 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string + maxVersion: description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - required: - - clientId - - clientSecret - - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + required: + - authorization + - datacenterID + type: object + type: array + jobName: + description: |- + The value of the `job` label assigned to the scraped metrics by default. + + The `job_name` field in the rendered scrape configuration is always controlled by the + operator to prevent duplicate job names, which Prometheus does not allow. Instead the + `job` label is set by means of relabeling configs. + minLength: 1 + type: string + keepDroppedTargets: + description: |- + Per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + kubernetesSDConfigs: + description: KubernetesSDConfigs defines a list of Kubernetes service + discovery configurations. + items: + description: |- + KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + properties: + apiServer: + description: |- + The API server address consisting of a hostname or IP address followed + by an optional port number. + If left empty, Prometheus is assumed to run inside + of the cluster. It will discover API servers automatically and use the pod's + CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + minLength: 1 + type: string + attachMetadata: + description: |- + Optional metadata to attach to discovered targets. + It requires Prometheus >= v2.35.0 when using the `Pod` role and + Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + properties: + node: + description: |- + Attaches node metadata to discovered targets. + When set to true, Prometheus must have the `get` permission on the + `Nodes` objects. + Only valid for Pod, Endpoint and Endpointslice roles. + type: boolean + type: object + authorization: + description: |- + Authorization header to use on every scrape request. + Cannot be set at the same time as `basicAuth`, or `oauth2`. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -3563,9 +5830,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3575,49 +5840,114 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. + type: + description: |- + Defines the authentication type. The value is case-insensitive. + "Basic" is not a supported value. - It requires Prometheus >= v2.43.0. + Default: "Bearer" + type: string type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: + basicAuth: description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - - It requires Prometheus >= v2.43.0. + BasicAuth information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - proxyUrl: + namespaces: + description: Optional namespace discovery. If omitted, Prometheus + discovers targets across all namespaces. + properties: + names: + description: |- + List of namespaces where to watch for resources. + If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + ownNamespace: + description: Includes the namespace in which the Prometheus + pod runs to the list of watched namespaces. + type: boolean + type: object + noProxy: description: |- - `proxyURL` defines the HTTP proxy server to use. - + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - It requires Prometheus >= v2.43.0. - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: The time after which the servers are refreshed. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - tlsConfig: - description: TLS configuration to use on every scrape request. + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: - ca: - description: Certificate authority used when verifying server - certificates. + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. properties: configMap: description: ConfigMap containing data to use for the @@ -3633,9 +5963,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3659,9 +5987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3672,15 +5998,55 @@ spec: type: object x-kubernetes-map-type: atomic type: object - cert: - description: Client certificate to present when doing client-authentication. + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. properties: - configMap: - description: ConfigMap containing data to use for the - targets. + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key to select. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: default: "" @@ -3689,20 +6055,160 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -3715,186 +6221,52 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - role - type: object - type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery - configurations. - items: - description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config - properties: - authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl type: object - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - - It requires Prometheus >= v2.43.0. - type: string proxyConnectHeader: additionalProperties: items: @@ -3911,9 +6283,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3928,34 +6298,72 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - refreshInterval: + role: description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + Role of the Kubernetes entities that should be discovered. + Role `Endpointslice` requires Prometheus >= v2.21.0 + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice type: string + selectors: + description: |- + Selector to select objects. + It requires Prometheus >= v2.17.0 + items: + description: K8SSelectorConfig is Kubernetes Selector Config + properties: + field: + description: |- + An optional field selector to limit the service discovery to resources which have fields with specific values. + e.g: `metadata.name=foobar` + minLength: 1 + type: string + label: + description: |- + An optional label selector to limit the service discovery to resources with specific labels and label values. + e.g: `node.kubernetes.io/instance-type=master` + minLength: 1 + type: string + role: + description: |- + Role specifies the type of Kubernetes resource to limit the service discovery to. + Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice + type: string + required: + - role + type: object + type: array + x-kubernetes-list-map-keys: + - role + x-kubernetes-list-type: map tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Kubernetes + API. properties: ca: description: Certificate authority used when verifying server @@ -3975,9 +6383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4001,9 +6407,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4031,9 +6435,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4057,9 +6459,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4088,9 +6488,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4100,72 +6498,46 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string required: - - url + - role type: object type: array - jobName: - description: |- - The value of the `job` label assigned to the scraped metrics by default. - - - The `job_name` field in the rendered scrape configuration is always controlled by the - operator to prevent duplicate job names, which Prometheus does not allow. Instead the - `job` label is set by means of relabeling configs. - minLength: 1 - type: string - keepDroppedTargets: - description: |- - Per-scrape limit on the number of targets dropped by relabeling - that will be kept in memory. 0 means no limit. - - - It requires Prometheus >= v2.47.0. - format: int64 - type: integer - kubernetesSDConfigs: - description: KubernetesSDConfigs defines a list of Kubernetes service - discovery configurations. + kumaSDConfigs: + description: KumaSDConfigs defines a list of Kuma service discovery + configurations. items: description: |- - KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + KumaSDConfig allow retrieving scrape targets from Kuma's control plane. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config properties: - apiServer: - description: |- - The API server address consisting of a hostname or IP address followed - by an optional port number. - If left empty, Prometheus is assumed to run inside - of the cluster. It will discover API servers automatically and use the pod's - CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - type: string - attachMetadata: - description: |- - Optional metadata to attach to discovered targets. - It requires Prometheus >= v2.35.0 for `pod` role and - Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. - properties: - node: - description: |- - Attaches node metadata to discovered targets. - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. - Only valid for Pod, Endpoint and Endpointslice roles. - type: boolean - type: object authorization: - description: |- - Authorization header to use on every scrape request. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization header to use on every scrape request. properties: credentials: description: Selects a key of a Secret in the namespace @@ -4182,9 +6554,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4198,17 +6568,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: |- - BasicAuth information to use on every scrape request. - Cannot be set at the same time as `authorization`, or `oauth2`. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -4226,9 +6592,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4254,9 +6618,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4267,37 +6629,29 @@ spec: type: object x-kubernetes-map-type: atomic type: object + clientID: + description: Client id is used by Kuma Control Plane to compute + Monitoring Assignment for specific Prometheus backend. + type: string enableHTTP2: description: Whether to enable HTTP2. type: boolean + fetchTimeout: + description: The time after which the monitoring assignments + are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - namespaces: - description: Optional namespace discovery. If omitted, Prometheus - discovers targets across all namespaces. - properties: - names: - description: |- - List of namespaces where to watch for resources. - If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. - items: - type: string - type: array - ownNamespace: - description: Includes the namespace in which the Prometheus - pod exists to the list of watched namesapces. - type: boolean - type: object noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -4323,9 +6677,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4349,9 +6701,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4378,9 +6728,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4397,12 +6745,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4429,9 +6997,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4446,77 +7012,29 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - role: - description: Role of the Kubernetes entities that should be - discovered. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress + refreshInterval: + description: The time to wait between polling update requests. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: Address of the Kuma Control Plane's MADS xDS server. + minLength: 1 type: string - selectors: - description: Selector to select objects. - items: - description: K8SSelectorConfig is Kubernetes Selector Config - properties: - field: - type: string - label: - type: string - role: - description: Role is role of the service in Kubernetes. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress - type: string - required: - - role - type: object - type: array - x-kubernetes-list-map-keys: - - role - x-kubernetes-list-type: map tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -4536,9 +7054,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4562,9 +7078,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4592,9 +7106,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4618,9 +7130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4649,9 +7159,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4661,24 +7169,90 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - role + - server type: object type: array - kumaSDConfigs: - description: KumaSDConfigs defines a list of Kuma service discovery - configurations. + labelLimit: + description: |- + Per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + Per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + Per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + lightSailSDConfigs: + description: LightsailSDConfigs defines a list of Lightsail service + discovery configurations. items: description: |- - KumaSDConfig allow retrieving scrape targets from Kuma's control plane. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config + LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic authorization: - description: Authorization header to use on every scrape request. + description: |- + Optional `authorization` HTTP header configuration. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -4695,9 +7269,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4711,15 +7283,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + Optional HTTP basic authentication information. + Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: description: |- @@ -4737,9 +7309,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4765,9 +7335,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4778,21 +7346,16 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientID: - description: Client id is used by Kuma Control Plane to compute - Monitoring Assignment for specific Prometheus backend. - type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean - fetchTimeout: - description: The time after which the monitoring assignments - are refreshed. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + endpoint: + description: Custom endpoint to be used. + minLength: 1 type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -4800,13 +7363,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -4827,9 +7389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4853,9 +7413,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4882,9 +7440,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4901,12 +7457,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4917,6 +7693,14 @@ spec: - clientSecret - tokenUrl type: object + port: + description: |- + Port to scrape the metrics from. + If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -4933,9 +7717,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4950,36 +7732,56 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time to wait between polling update requests. + description: Refresh interval to re-read the list of instances. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: Address of the Kuma Control Plane's MADS xDS server. + region: + description: The AWS region. minLength: 1 type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration to connect to the Puppet DB. properties: ca: description: Certificate authority used when verifying server @@ -4999,9 +7801,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5025,9 +7825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5055,9 +7853,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5081,9 +7877,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5112,9 +7906,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5124,71 +7916,44 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server type: object type: array - labelLimit: - description: |- - Per-scrape limit on number of labels that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: |- - Per-scrape limit on length of labels name that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: |- - Per-scrape limit on length of labels value that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - lightSailSDConfigs: - description: LightsailSDConfigs defines a list of Lightsail service - discovery configurations. + linodeSDConfigs: + description: LinodeSDConfigs defines a list of Linode service discovery + configurations. items: description: |- - LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config - TODO: Need to document that we will not be supporting the `_file` fields. + LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic authorization: - description: |- - Optional `authorization` HTTP header configuration. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization header configuration. properties: credentials: description: Selects a key of a Secret in the namespace @@ -5205,9 +7970,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5221,85 +7984,17 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: - description: |- - Optional HTTP basic authentication information. - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: - description: Configure whether to enable HTTP2. + description: Whether to enable HTTP2. type: boolean - endpoint: - description: Custom endpoint to be used. - minLength: 1 - type: string followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean noProxy: description: |- @@ -5307,13 +8002,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration. + Cannot be used at the same time as `authorization`. properties: clientId: description: |- @@ -5334,9 +8028,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5360,9 +8052,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5389,9 +8079,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5408,12 +8096,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5425,9 +8333,7 @@ spec: - tokenUrl type: object port: - description: |- - Port to scrape the metrics from. - If using the public IP address, this must instead be specified in the relabeling rule. + description: Default port to scrape metrics from. format: int32 maximum: 65535 minimum: 0 @@ -5448,9 +8354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5465,65 +8369,34 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the list of instances. + description: Time after which the linode instances are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string region: - description: The AWS region. + description: Optional region to filter on. minLength: 1 type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + tagSeparator: + description: The string by which Linode Instance tags are joined + into the tag label. + minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to connect to the Puppet DB. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -5543,9 +8416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5569,9 +8440,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5599,9 +8468,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5625,9 +8492,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5656,9 +8521,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5668,22 +8531,166 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object type: object type: array - linodeSDConfigs: - description: LinodeSDConfigs defines a list of Linode service discovery + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + metricsPath: + description: MetricsPath HTTP path to scrape for metrics. If empty, + Prometheus uses the default value (e.g. /metrics). + minLength: 1 + type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + nomadSDConfigs: + description: NomadSDConfigs defines a list of Nomad service discovery configurations. items: description: |- - LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config + NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config properties: + allowStale: + description: |- + The information to access the Nomad API. It is to be defined + as the Nomad documentation requires. + type: boolean authorization: - description: Authorization header configuration. + description: Authorization header to use on every scrape request. properties: credentials: description: Selects a key of a Secret in the namespace @@ -5700,9 +8707,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5716,13 +8721,67 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean @@ -5730,19 +8789,20 @@ spec: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + namespace: + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be used at the same time as `authorization`. + Cannot be set at the same time as `authorization` or `basic_auth`. properties: clientId: description: |- @@ -5763,9 +8823,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5789,9 +8847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5818,9 +8874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5837,12 +8891,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5853,12 +9127,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: Default port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer proxyConnectHeader: additionalProperties: items: @@ -5875,9 +9143,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5892,38 +9158,32 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the linode instances are refreshed. + description: |- + Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. + Supported units: y, w, d, h, m, s, ms + Examples: `30s`, `1m`, `1h20m15s`, `15d` pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string region: - description: Optional region to filter on. + type: string + server: minLength: 1 type: string tagSeparator: - description: The string by which Linode Instance tags are joined - into the tag label. - minLength: 1 type: string tlsConfig: description: TLS configuration applying to the target HTTP endpoint. @@ -5946,9 +9206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5972,9 +9230,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6002,9 +9258,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6028,9 +9282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6059,9 +9311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6071,118 +9321,357 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. + oauth2: + description: OAuth2 configuration to use on every scrape request. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - Regex capture groups are available. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for the + token request.' + items: type: string - type: object - type: array - metricsPath: - description: MetricsPath HTTP path to scrape for metrics. If empty, - Prometheus uses the default value (e.g. /metrics). - type: string - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - - It requires Prometheus >= v2.43.0. - type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the token + from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object openstackSDConfigs: description: OpenStackSDConfigs defines a list of OpenStack service discovery configurations. @@ -6222,9 +9711,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6273,9 +9760,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6337,9 +9822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6363,9 +9846,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6393,9 +9874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6419,9 +9898,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6450,9 +9927,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6462,6 +9937,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6507,9 +10004,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6533,9 +10028,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6595,9 +10088,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -6612,24 +10103,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string puppetDBSDConfigs: @@ -6660,9 +10144,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6676,50 +10158,428 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + Optional HTTP basic authentication information. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Configure whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. + type: boolean + includeParameters: + description: |- + Whether to include the parameters as meta labels. + Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure + that you don't have secrets exposed as parameters if you enable this. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - Optional HTTP basic authentication information. - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: Port to scrape the metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -6732,9 +10592,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6744,38 +10602,40 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - includeParameters: - description: |- - Whether to include the parameters as meta labels. - Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure - that you don't have secrets exposed as parameters if you enable this. - type: boolean - noProxy: + type: array description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ type: string - oauth2: + query: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Puppet Query Language (PQL) query. Only resources are supported. + https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html + minLength: 1 + type: string + refreshInterval: + description: Refresh interval to re-read the list of resources. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration to connect to the Puppet DB. properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -6791,9 +10651,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6817,9 +10675,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6830,10 +10686,64 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. properties: key: description: The key of the secret to select from. Must @@ -6846,9 +10756,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6858,35 +10766,184 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string + maxVersion: description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - required: - - clientId - - clientSecret - - tokenUrl type: object + url: + description: The URL of the PuppetDB root query endpoint. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string + required: + - query + - url + type: object + type: array + relabelings: + description: |- + RelabelConfigs defines how to rewrite the target's labels before scraping. + Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scalewaySDConfigs: + description: ScalewaySDConfigs defines a list of Scaleway instances + and baremetal service discovery configurations. + items: + description: |- + ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config + properties: + accessKey: + description: Access key to use. https://console.scaleway.com/project/credentials + minLength: 1 + type: string + apiURL: + description: API URL to use when doing the server listing requests. + pattern: ^http(s)?://.+$ + type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + nameFilter: + description: NameFilter specify a name filter (works as a LIKE) + to apply on the server listing request. + minLength: 1 + type: string + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string port: - description: Port to scrape the metrics from. + description: The port to scrape metrics from. format: int32 maximum: 65535 minimum: 0 type: integer + projectID: + description: Project ID of the targets. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -6903,9 +10960,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6920,38 +10975,66 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - query: - description: |- - Puppet Query Language (PQL) query. Only resources are supported. - https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html - minLength: 1 - type: string refreshInterval: - description: Refresh interval to re-read the list of resources. + description: Refresh interval to re-read the list of instances. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + role: + description: Service of the targets to retrieve. Must be `Instance` + or `Baremetal`. + enum: + - Instance + - Baremetal + type: string + secretKey: + description: Secret key to use when listing targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tagsFilter: + description: TagsFilter specify a tag filter (a server needs + to have all defined tags to be listed) to apply on the server + listing request. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Puppet DB. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -6971,9 +11054,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6997,9 +11078,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7027,9 +11106,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7053,9 +11130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7084,9 +11159,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7096,122 +11169,44 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - url: - description: The URL of the PuppetDB root query endpoint. + zone: + description: Zone is the availability zone of your targets (e.g. + fr-par-1). minLength: 1 - pattern: ^http(s)?://.+$ type: string required: - - query - - url - type: object - type: array - relabelings: - description: |- - RelabelConfigs defines how to rewrite the target's labels before scraping. - Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - - Regex capture groups are available. - type: string + - accessKey + - projectID + - role + - secretKey type: object type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer scheme: description: |- Configures the protocol scheme used for requests. @@ -7224,6 +11219,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeInterval: description: ScrapeInterval is the interval between consecutive scrapes. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -7233,10 +11233,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -7252,6 +11250,7 @@ spec: - OpenMetricsText1.0.0 - PrometheusText0.0.4 type: string + minItems: 1 type: array x-kubernetes-list-type: set scrapeTimeout: @@ -7277,10 +11276,15 @@ spec: targets: description: List of targets for this static configuration. items: - description: Target represents a target for Prometheus to - scrape + description: |- + Target represents a target for Prometheus to scrape + kubebuilder:validation:MinLength:=1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set + required: + - targets type: object type: array targetLimit: @@ -7308,9 +11312,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -7334,9 +11336,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7363,9 +11363,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -7389,9 +11387,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7419,9 +11415,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -7431,6 +11425,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml index a29b8f56699..1e38a806809 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21,7 +21,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. + description: |- + The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. + Among other things, it allows to specify: + * The services to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -50,13 +58,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - It requires Prometheus >= v2.37.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -64,12 +74,14 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string endpoints: - description: List of endpoints part of this ServiceMonitor. + description: |- + List of endpoints part of this ServiceMonitor. + Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. items: description: |- Endpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -80,7 +92,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -98,9 +109,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -114,10 +123,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -126,7 +133,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -145,9 +151,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -173,9 +177,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -190,7 +192,6 @@ spec: description: |- File to read bearer token for scraping the target. - Deprecated: use `authorization` instead. type: string bearerTokenSecret: @@ -199,7 +200,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -213,9 +213,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -234,10 +232,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -259,7 +255,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -272,7 +267,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -280,11 +274,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -314,7 +306,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -327,7 +318,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -350,11 +340,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -363,10 +351,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -388,9 +374,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -414,9 +398,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -443,9 +425,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -462,12 +442,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -489,14 +689,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Service port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -509,20 +707,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -530,11 +724,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -564,7 +756,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -577,7 +768,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -600,11 +790,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -613,11 +801,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -627,7 +813,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -661,9 +846,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -687,9 +870,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -721,9 +902,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -747,9 +926,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -786,9 +963,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -798,6 +973,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -808,7 +1005,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -818,12 +1014,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the associated Kubernetes `Service`. @@ -833,7 +1027,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -841,7 +1034,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -849,7 +1041,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -857,14 +1048,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Endpoints` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. + By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -877,6 +1067,23 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podTargetLabels: description: |- `podTargetLabels` defines the labels which are transferred from the @@ -894,15 +1101,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -921,7 +1131,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Endpoints` objects. + description: Label selector to select the Kubernetes `Endpoints` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -980,6 +1191,7 @@ spec: format: int64 type: integer required: + - endpoints - selector type: object required: diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml index b030aa6ebca..7a035e15549 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.4 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -48,7 +48,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: ThanosRuler defines a ThanosRuler deployment. + description: |- + The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. + + A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). + + The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. properties: apiVersion: description: |- @@ -381,7 +386,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -396,7 +401,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -562,7 +567,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -577,7 +582,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -740,7 +745,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -755,7 +760,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -921,7 +926,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -936,7 +941,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1053,9 +1058,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -1080,9 +1083,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -1182,9 +1183,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1250,9 +1249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1292,9 +1289,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -1316,9 +1311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -1603,11 +1596,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1815,11 +1808,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1967,11 +1960,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1982,6 +1973,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2105,7 +2102,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2187,7 +2184,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -2268,11 +2264,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2486,10 +2482,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -2497,11 +2491,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -2535,6 +2527,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert @@ -2616,9 +2662,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -2642,9 +2686,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2675,9 +2717,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -2701,9 +2741,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2739,9 +2777,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -2751,6 +2787,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -2808,9 +2866,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2897,9 +2953,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2965,9 +3019,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3007,9 +3059,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3031,9 +3081,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3318,11 +3366,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3530,11 +3578,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3682,11 +3730,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3697,6 +3743,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3820,7 +3872,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -3902,7 +3954,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3983,11 +4034,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4201,10 +4252,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4212,11 +4261,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4307,9 +4354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -4332,7 +4377,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. - The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". @@ -4418,9 +4462,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -4450,11 +4492,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4465,6 +4505,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4638,12 +4684,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -4730,7 +4774,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4740,18 +4783,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -4861,7 +4914,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -4871,11 +4923,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -5078,7 +5128,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5334,7 +5384,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5372,8 +5422,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -5392,12 +5442,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5417,21 +5467,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5476,8 +5526,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -5491,13 +5549,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -5632,7 +5690,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -5672,7 +5729,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -5690,7 +5746,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5702,7 +5757,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5750,10 +5804,8 @@ spec: description: |- TracingConfig configures tracing in Thanos. - `tracingConfigFile` takes precedence over this field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -5768,9 +5820,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -5783,10 +5833,8 @@ spec: description: |- TracingConfig specifies the path of the tracing configuration file. - This field takes precedence over `tracingConfig`. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -5829,10 +5877,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5840,11 +5886,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -5884,7 +5928,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -5924,6 +5967,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -5936,6 +5980,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6003,9 +6048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6047,9 +6090,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6121,9 +6162,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -6162,9 +6201,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6301,7 +6338,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6312,17 +6348,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6336,7 +6369,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6346,11 +6378,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -6553,7 +6583,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -6579,7 +6609,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -6647,9 +6676,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6683,7 +6710,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6764,9 +6790,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -6783,6 +6806,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -6803,7 +6861,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -6815,6 +6872,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -6847,9 +6905,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6966,24 +7022,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -7117,9 +7173,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -7257,9 +7311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -7349,7 +7401,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7357,6 +7408,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7371,6 +7423,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7396,13 +7449,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7417,6 +7469,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7448,9 +7501,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7459,6 +7510,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7572,9 +7624,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7698,9 +7748,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7724,9 +7772,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7737,6 +7783,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -7763,9 +7814,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7789,9 +7838,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7808,6 +7855,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -7816,6 +7868,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -7830,9 +7887,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7857,9 +7912,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -7876,7 +7928,7 @@ spec: format: int32 type: integer conditions: - description: The current state of the Alertmanager object. + description: The current state of the ThanosRuler object. items: description: |- Condition represents the state of the resources associated with the diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml index 00c1008b3e0..d10626fa57c 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45,9 +45,12 @@ spec: type: object spec: description: |- - AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. - By definition, the Alertmanager configuration only applies to alerts for which - the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + AlertmanagerConfigSpec is a specification of the desired behavior of the + Alertmanager configuration. + By default, the Alertmanager configuration only applies to alerts for which + the `namespace` label is equal to the namespace of the AlertmanagerConfig + resource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the + Alertmanager CRD). properties: inhibitRules: description: |- @@ -212,6 +215,8 @@ spec: type: array type: object type: array + required: + - name type: object type: array receivers: @@ -243,9 +248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -279,9 +282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -295,10 +296,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -323,9 +322,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -351,9 +348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -382,9 +377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -398,6 +391,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -421,9 +422,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -449,9 +448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -478,9 +475,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -497,12 +492,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -513,8 +734,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -537,9 +807,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -565,9 +833,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -596,9 +862,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -624,9 +888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -655,9 +917,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -667,6 +927,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -711,9 +993,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -740,9 +1020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -819,9 +1097,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -846,9 +1122,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -877,9 +1151,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -904,9 +1176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -935,9 +1205,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -947,6 +1215,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -989,9 +1279,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1005,10 +1293,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1033,9 +1319,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1061,9 +1345,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1092,9 +1374,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1108,6 +1388,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1131,9 +1419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1159,9 +1445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1188,9 +1472,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1207,12 +1489,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1223,8 +1731,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1247,9 +1804,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1275,9 +1830,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1306,9 +1859,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1334,9 +1885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1365,9 +1914,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1377,6 +1924,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -1411,9 +1980,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1460,9 +2027,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1524,9 +2089,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1540,10 +2103,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1568,9 +2129,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1596,9 +2155,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1627,9 +2184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1643,6 +2198,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1666,9 +2229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1694,9 +2255,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1723,9 +2282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1742,24 +2299,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: - clientId - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1782,9 +2614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1810,9 +2640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1841,9 +2669,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1869,9 +2695,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -1900,9 +2724,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1912,6 +2734,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2037,9 +2881,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2053,10 +2895,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2081,9 +2921,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2109,9 +2947,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2140,9 +2976,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2156,6 +2990,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2179,9 +3021,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2207,9 +3047,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2236,9 +3074,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2255,12 +3091,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2271,8 +3333,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2295,9 +3406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2323,9 +3432,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2354,9 +3461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2382,9 +3487,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2413,9 +3516,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2425,6 +3526,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -2486,9 +3609,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2520,9 +3641,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2588,9 +3707,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2604,10 +3721,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -2632,9 +3747,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2660,9 +3773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2691,9 +3802,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2707,6 +3816,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -2730,9 +3847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2758,9 +3873,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2787,9 +3900,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2806,24 +3917,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -2846,9 +4232,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2874,9 +4258,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2905,9 +4287,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -2933,9 +4313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -2964,9 +4342,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -2976,6 +4352,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3023,9 +4421,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3071,9 +4467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3164,9 +4558,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3235,9 +4627,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3251,10 +4641,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3279,9 +4667,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3307,9 +4693,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3338,9 +4722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3354,6 +4736,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3377,9 +4767,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3405,9 +4793,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3434,9 +4820,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3453,12 +4837,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3469,8 +5079,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3493,9 +5152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3521,9 +5178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3552,9 +5207,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3580,9 +5233,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3611,9 +5262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3623,6 +5272,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -3701,9 +5372,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3717,10 +5386,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -3745,9 +5412,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3773,9 +5438,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3804,9 +5467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3820,6 +5481,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -3843,9 +5512,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3871,9 +5538,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -3900,9 +5565,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -3919,24 +5582,299 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes - used for the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to - fetch the token from.' - minLength: 1 + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - required: + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: - clientId - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -3959,9 +5897,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -3987,9 +5923,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4018,9 +5952,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4046,9 +5978,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4077,9 +6007,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4089,6 +6017,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4126,9 +6076,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4166,9 +6114,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4213,7 +6159,6 @@ spec: The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. properties: key: @@ -4227,9 +6172,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4244,7 +6187,6 @@ spec: File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. type: string chatID: @@ -4278,9 +6220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4294,10 +6234,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4322,9 +6260,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4350,9 +6286,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4381,9 +6315,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4397,6 +6329,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4420,9 +6360,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4448,9 +6386,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4477,9 +6413,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4496,12 +6430,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4512,8 +6672,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -4536,9 +6745,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4564,9 +6771,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4595,9 +6800,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4623,9 +6826,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4654,9 +6855,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4666,6 +6865,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -4685,6 +6906,8 @@ spec: sendResolved: description: Whether to notify about resolved alerts. type: boolean + required: + - chatID type: object type: array victoropsConfigs: @@ -4711,9 +6934,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4770,9 +6991,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4786,10 +7005,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -4814,9 +7031,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4842,9 +7057,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4873,9 +7086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4889,6 +7100,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -4912,9 +7131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -4940,9 +7157,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -4969,9 +7184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -4988,12 +7201,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5004,8 +7443,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5028,9 +7516,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5056,9 +7542,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5087,9 +7571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5115,9 +7597,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5146,9 +7626,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5158,6 +7636,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5223,9 +7723,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5239,10 +7737,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5267,9 +7763,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5295,9 +7789,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5326,9 +7818,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5342,6 +7832,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5365,9 +7863,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5393,9 +7889,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5422,9 +7916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5441,12 +7933,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5457,8 +8175,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5481,9 +8248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5509,9 +8274,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5540,9 +8303,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5568,9 +8329,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5599,9 +8358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5611,6 +8368,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -5663,9 +8442,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5679,10 +8456,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5707,9 +8482,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5735,9 +8508,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5766,9 +8537,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5782,6 +8551,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -5805,9 +8582,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5833,9 +8608,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5862,9 +8635,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5881,12 +8652,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5897,8 +8894,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -5921,9 +8967,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -5949,9 +8993,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5980,9 +9022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6008,9 +9048,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6039,9 +9077,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6051,6 +9087,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. @@ -6090,9 +9148,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6130,9 +9186,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6172,9 +9226,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6188,10 +9240,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6216,9 +9266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6244,9 +9292,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6275,9 +9321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -6291,6 +9335,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -6314,9 +9366,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6342,9 +9392,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6371,9 +9419,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6390,12 +9436,238 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy + server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data + to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to + use for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -6406,8 +9678,57 @@ spec: - clientSecret - tokenUrl type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean proxyURL: - description: Optional proxy URL. + description: |- + Optional proxy URL. + + If defined, this field takes precedence over `proxyUrl`. + type: string + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -6430,9 +9751,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6458,9 +9777,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6489,9 +9806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6517,9 +9832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6548,9 +9861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6560,6 +9871,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml index 1aa1dd4061f..c1886a1e889 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -49,7 +49,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. + description: |- + The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. + + For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. + + The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. properties: apiVersion: description: |- @@ -363,7 +368,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -378,7 +383,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -544,7 +549,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -559,7 +564,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -722,7 +727,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -737,7 +742,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -903,7 +908,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -918,7 +923,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1001,15 +1006,17 @@ spec: type: object alertmanagerConfigMatcherStrategy: description: |- - The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. - In the future more options may be added. + AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + process incoming alerts. properties: type: default: OnNamespace description: |- - If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. - `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. - Default is `OnNamespace`. + AlertmanagerConfigMatcherStrategyType defines the strategy used by + AlertmanagerConfig objects to match alerts in the routes and inhibition + rules. + + The default value is `OnNamespace`. enum: - OnNamespace - None @@ -1114,10 +1121,8 @@ spec: description: |- alertmanagerConfiguration specifies the configuration of Alertmanager. - If defined, it takes precedence over the `configSecret` field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -1148,9 +1153,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1164,10 +1167,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1192,9 +1193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1220,9 +1219,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1251,9 +1248,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1267,6 +1262,14 @@ spec: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string oauth2: description: OAuth2 client credentials used to fetch a token for the targets. @@ -1290,9 +1293,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1317,9 +1318,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1346,9 +1345,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1365,12 +1362,236 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of + a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1381,8 +1602,51 @@ spec: - clientSecret - tokenUrl type: object - proxyURL: - description: Optional proxy URL. + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a + Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server + to use.' + pattern: ^http(s)?://.+$ type: string tlsConfig: description: TLS configuration for the client. @@ -1405,9 +1669,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1432,9 +1694,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1463,9 +1723,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -1490,9 +1748,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -1521,9 +1777,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1533,6 +1787,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -1552,9 +1828,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1578,9 +1852,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1614,9 +1886,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1646,9 +1916,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1672,9 +1940,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1747,9 +2013,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -1773,9 +2037,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1836,13 +2098,11 @@ spec: Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. - The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. - If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications). @@ -1930,9 +2190,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1998,9 +2256,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2040,9 +2296,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -2064,9 +2318,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -2351,11 +2603,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2563,11 +2815,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2715,11 +2967,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2730,6 +2980,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2853,7 +3109,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2935,7 +3191,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3016,11 +3271,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3234,10 +3489,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -3245,11 +3498,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -3283,6 +3534,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. @@ -3290,7 +3595,6 @@ spec: scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - It requires Alertmanager >= 0.27.0. items: type: string @@ -3363,9 +3667,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3454,9 +3756,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -3522,9 +3822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3564,9 +3862,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3588,9 +3884,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3875,11 +4169,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4087,11 +4381,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4239,11 +4533,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4254,6 +4546,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4377,7 +4675,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -4459,7 +4757,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4540,11 +4837,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4758,10 +5055,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4769,11 +5064,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4851,7 +5144,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. - The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. @@ -4912,11 +5204,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4927,6 +5217,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -5016,12 +5312,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -5108,7 +5402,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -5118,18 +5411,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -5248,7 +5551,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -5258,11 +5560,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -5465,7 +5765,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5721,7 +6021,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5759,8 +6059,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -5779,12 +6079,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5804,21 +6104,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5863,8 +6163,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -5878,13 +6186,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -6025,7 +6333,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -6065,7 +6372,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6083,7 +6389,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6095,7 +6400,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6178,10 +6482,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -6189,11 +6491,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -6234,7 +6534,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6274,6 +6573,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -6286,6 +6586,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6353,9 +6654,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6397,9 +6696,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6471,9 +6768,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -6512,9 +6807,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6651,7 +6944,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6662,17 +6954,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6686,7 +6975,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6696,11 +6984,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -6903,7 +7189,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -6929,7 +7215,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -6997,9 +7282,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7033,7 +7316,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7114,9 +7396,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -7133,6 +7412,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -7153,7 +7467,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -7165,6 +7478,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -7197,9 +7511,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7316,24 +7628,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -7467,9 +7779,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -7607,9 +7917,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -7699,7 +8007,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7707,6 +8014,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7721,6 +8029,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7746,13 +8055,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7767,6 +8075,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7798,9 +8107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7809,6 +8116,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7922,9 +8230,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8060,9 +8366,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8086,9 +8390,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8099,6 +8401,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -8125,9 +8432,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8151,9 +8456,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8170,6 +8473,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -8178,6 +8486,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -8192,9 +8505,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8219,9 +8530,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -8291,6 +8599,10 @@ spec: object (their labels match the selector). format: int32 type: integer + selector: + description: The selector used to match the pods targeted by this + Alertmanager object. + type: string unavailableReplicas: description: Total number of unavailable pods targeted by this Alertmanager object. @@ -8315,4 +8627,8 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas status: {} diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml index 37a06ca73da..f2774cc8442 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22,7 +22,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. + description: |- + The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. + Among other things, it allows to specify: + * The pods to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -50,13 +58,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - - It requires Prometheus >= v2.37.0. + It requires Prometheus >= v2.35.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -64,7 +74,6 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string @@ -74,12 +83,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `/`). type: string @@ -88,7 +95,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -96,7 +102,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -104,7 +109,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -112,14 +116,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Pods` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -132,8 +135,25 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podMetricsEndpoints: - description: List of endpoints part of this PodMonitor. + description: Defines how to scrape metrics from the selected pods. items: description: |- PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -144,7 +164,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -162,9 +181,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -178,10 +195,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -190,7 +205,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -209,9 +223,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -237,9 +249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -256,7 +266,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -270,9 +279,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -291,10 +298,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -316,7 +321,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -329,7 +333,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -337,11 +340,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -371,7 +372,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -384,7 +384,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -407,11 +406,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -420,10 +417,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -445,9 +440,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -471,9 +464,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -500,9 +491,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -519,12 +508,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -546,14 +755,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Pod port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -566,20 +773,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -587,11 +790,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -621,7 +822,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -634,7 +834,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -657,11 +856,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -670,11 +867,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -684,7 +879,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -697,7 +891,6 @@ spec: Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. - Deprecated: use 'port' instead. x-kubernetes-int-or-string: true tlsConfig: @@ -721,9 +914,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -747,9 +938,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -777,9 +966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -803,9 +990,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -834,9 +1019,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -846,6 +1029,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -856,7 +1061,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -878,15 +1082,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -905,7 +1112,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Pod` objects. + description: Label selector to select the Kubernetes `Pod` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml index a01abee205c..d391df8643d 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22,7 +22,14 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. + description: |- + The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). + + The `Probe` resource needs 2 pieces of information: + * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. + * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. + + `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -63,9 +70,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -79,10 +84,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -107,9 +110,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -135,9 +136,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -165,9 +164,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -190,7 +187,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -219,7 +215,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -227,11 +222,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -261,7 +254,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -274,7 +266,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -296,11 +287,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -311,6 +300,23 @@ spec: Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true oauth2: description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. @@ -333,9 +339,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -359,9 +363,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -388,9 +390,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -407,12 +407,228 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -461,15 +677,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -536,7 +755,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -544,11 +762,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -578,7 +794,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -591,7 +806,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -614,11 +828,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -693,7 +905,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -701,11 +912,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -735,7 +944,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -748,7 +956,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -771,11 +978,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -807,9 +1012,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -833,9 +1036,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -862,9 +1063,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -888,9 +1087,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -918,9 +1115,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -930,6 +1125,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml index f74bfe01a05..11214c94310 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -49,7 +49,10 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: PrometheusAgent defines a Prometheus agent deployment. + description: |- + The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. + + The CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar. properties: apiVersion: description: |- @@ -77,13 +80,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -127,9 +128,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -422,7 +421,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -437,7 +436,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -603,7 +602,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -618,7 +617,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -781,7 +780,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -796,7 +795,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -962,7 +961,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -977,7 +976,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1070,7 +1069,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1089,9 +1087,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1109,10 +1105,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1120,7 +1114,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1140,9 +1133,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1168,9 +1159,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1186,17 +1175,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -1225,9 +1211,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1251,9 +1235,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1285,9 +1267,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1311,9 +1291,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1350,9 +1328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1362,6 +1338,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -1390,7 +1388,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -1399,7 +1396,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -1422,13 +1418,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -1505,9 +1499,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1573,9 +1565,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1615,9 +1605,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -1639,9 +1627,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -1926,11 +1912,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2138,11 +2124,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2290,11 +2276,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2305,6 +2289,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2428,7 +2418,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2510,7 +2500,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -2591,11 +2580,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2809,10 +2798,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -2820,11 +2807,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -2858,16 +2843,68 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -2879,14 +2916,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -2896,10 +2931,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -2915,10 +2948,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -2933,10 +2964,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -2951,10 +2980,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -2969,10 +2996,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -2984,16 +3009,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -3006,11 +3028,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -3025,11 +3045,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -3042,7 +3060,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -3123,13 +3140,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -3143,11 +3159,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -3179,9 +3193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3197,11 +3209,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -3278,9 +3288,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -3346,9 +3354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3388,9 +3394,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3412,9 +3416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3699,11 +3701,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3911,11 +3913,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4063,11 +4065,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4078,6 +4078,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4201,7 +4207,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -4283,7 +4289,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4364,11 +4369,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4582,10 +4587,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4593,11 +4596,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4636,10 +4637,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -4649,7 +4648,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -4659,7 +4657,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -4669,7 +4666,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -4709,7 +4705,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -4719,7 +4714,6 @@ spec: Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). For now this field has no effect. - (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: - StatefulSet @@ -4730,6 +4724,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -4776,7 +4785,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -4869,7 +4877,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -4992,7 +4999,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5051,7 +5057,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string reloadStrategy: @@ -5073,10 +5078,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -5094,9 +5097,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5114,10 +5115,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5125,10 +5124,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -5155,7 +5152,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -5180,9 +5176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5210,7 +5204,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -5225,7 +5218,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -5244,9 +5236,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5272,9 +5262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5290,14 +5278,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -5307,7 +5293,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -5317,9 +5302,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -5339,7 +5341,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -5348,17 +5349,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -5380,9 +5378,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5406,9 +5402,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5435,9 +5429,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5454,12 +5446,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5486,9 +5698,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5503,24 +5713,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -5566,7 +5769,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -5584,10 +5786,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -5595,17 +5796,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -5624,9 +5822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5662,9 +5858,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5696,9 +5890,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5722,9 +5914,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5756,9 +5946,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5782,9 +5970,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5821,9 +6007,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5833,12 +6017,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -5847,7 +6054,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -5855,11 +6061,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -5889,7 +6093,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -5902,7 +6105,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -5925,11 +6127,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -5938,13 +6138,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -5953,7 +6166,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -5966,11 +6178,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5981,6 +6191,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -6017,7 +6233,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -6028,7 +6243,6 @@ spec: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -6038,36 +6252,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -6075,11 +6299,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -6109,7 +6331,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -6122,7 +6343,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -6145,11 +6365,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -6162,20 +6380,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -6183,11 +6398,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -6217,7 +6430,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -6230,7 +6442,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -6253,11 +6464,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -6268,7 +6477,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -6289,9 +6497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6315,9 +6521,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6349,9 +6553,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6375,9 +6577,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6414,9 +6614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6426,6 +6624,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6443,7 +6663,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -6494,7 +6713,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -6504,7 +6722,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -6555,7 +6772,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -6564,10 +6780,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -6599,6 +6813,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -6633,12 +6848,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -6725,7 +6938,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -6735,18 +6947,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -6805,6 +7027,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -6859,7 +7092,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -6917,18 +7149,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -6983,7 +7212,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6993,11 +7221,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -7200,7 +7426,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7456,7 +7682,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7494,8 +7720,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -7514,12 +7740,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7539,21 +7765,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -7598,8 +7824,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -7613,13 +7847,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -7654,7 +7888,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -7769,7 +8002,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -7809,7 +8041,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -7827,7 +8058,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -7839,7 +8069,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -7887,7 +8116,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -7952,9 +8180,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7978,9 +8204,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8012,9 +8236,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -8038,9 +8260,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8077,9 +8297,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -8089,6 +8307,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -8096,12 +8336,31 @@ spec: required: - endpoint type: object + tsdb: + description: |- + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + properties: + outOfOrderTimeWindow: + description: |- + Configures how old an out-of-order/out-of-bounds sample can be with + respect to the TSDB max time. + + An out-of-order/out-of-bounds sample is ingested into the TSDB as long as + the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). + + This is an *experimental feature*, it may change in any upcoming release + in a breaking way. + + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object version: description: |- Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -8110,7 +8369,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -8144,10 +8402,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -8155,11 +8411,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -8200,7 +8454,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -8240,6 +8493,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -8252,6 +8506,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -8319,9 +8574,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8363,9 +8616,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8437,9 +8688,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -8478,9 +8727,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8617,7 +8864,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -8628,17 +8874,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -8652,7 +8895,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -8662,11 +8904,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -8869,7 +9109,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8895,7 +9135,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -8963,9 +9202,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -8999,7 +9236,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -9080,9 +9316,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -9099,6 +9332,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -9119,7 +9387,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -9131,6 +9398,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -9163,9 +9431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9282,24 +9548,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -9433,9 +9699,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -9573,9 +9837,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -9665,7 +9927,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -9673,6 +9934,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -9687,6 +9949,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -9712,13 +9975,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -9733,6 +9995,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -9764,9 +10027,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9775,6 +10036,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -9888,9 +10150,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -9942,10 +10202,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -10034,9 +10292,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10060,9 +10316,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10073,6 +10327,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -10099,9 +10358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10125,9 +10382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10144,6 +10399,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -10152,6 +10412,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -10166,9 +10431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10193,9 +10456,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml index a3dc1c266e0..bda29b75672 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -49,7 +49,14 @@ spec: name: v1 schema: openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. + description: |- + The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. + + For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. + + The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. + + The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. properties: apiVersion: description: |- @@ -81,13 +88,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break @@ -104,9 +108,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -123,13 +125,10 @@ spec: Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break @@ -146,9 +145,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -161,13 +158,11 @@ spec: description: |- AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. @@ -211,9 +206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -506,7 +499,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -521,7 +514,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -687,7 +680,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -702,7 +695,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -865,7 +858,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -880,7 +873,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1046,7 +1039,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1061,7 +1054,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1146,8 +1139,8 @@ spec: description: Defines the settings related to Alertmanager. properties: alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. + description: Alertmanager endpoints where Prometheus should send + alerts to. items: description: |- AlertmanagerEndpoints defines a selection of a single Endpoints object @@ -1162,7 +1155,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -1170,11 +1162,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -1204,7 +1194,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -1217,7 +1206,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -1240,11 +1228,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -1258,7 +1244,6 @@ spec: description: |- Authorization section for Alertmanager. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. properties: credentials: @@ -1276,9 +1261,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1292,10 +1275,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1303,7 +1284,6 @@ spec: description: |- BasicAuth configuration for Alertmanager. - Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. properties: password: @@ -1322,9 +1302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1350,9 +1328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1367,10 +1343,8 @@ spec: description: |- File to read bearer token for Alertmanager. - Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHttp2: @@ -1378,9 +1352,15 @@ spec: type: boolean name: description: Name of the Endpoints object in the namespace. + minLength: 1 type: string namespace: - description: Namespace of the Endpoints object. + description: |- + Namespace of the Endpoints object. + + If not set, the object will be discovered in the namespace of the + Prometheus object. + minLength: 1 type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed @@ -1400,7 +1380,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -1408,11 +1387,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -1442,7 +1419,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -1455,7 +1431,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -1478,11 +1453,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -1494,10 +1467,8 @@ spec: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.48.0. - Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`. properties: accessKey: @@ -1516,9 +1487,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1556,9 +1525,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1595,9 +1562,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1622,9 +1587,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1657,9 +1620,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1684,9 +1645,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1723,9 +1682,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1735,13 +1692,34 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - name - - namespace - port type: object type: array @@ -1753,7 +1731,6 @@ spec: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. - Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. type: boolean apiserverConfig: @@ -1768,7 +1745,6 @@ spec: description: |- Authorization section for the API server. - Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1787,9 +1763,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1807,10 +1781,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -1818,7 +1790,6 @@ spec: description: |- BasicAuth configuration for the API server. - Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. properties: @@ -1838,9 +1809,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1866,9 +1835,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1884,17 +1851,14 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File to read bearer token for accessing apiserver. - Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string host: @@ -1923,9 +1887,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1949,9 +1911,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1983,9 +1943,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2009,9 +1967,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2048,9 +2004,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2060,6 +2014,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -2088,7 +2064,6 @@ spec: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. - **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. type: boolean @@ -2100,7 +2075,6 @@ spec: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ @@ -2123,13 +2097,11 @@ spec: container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -2206,9 +2178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2274,9 +2244,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -2316,9 +2284,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -2340,9 +2306,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -2627,11 +2591,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2839,11 +2803,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2991,11 +2955,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3006,6 +2968,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3129,7 +3097,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -3211,7 +3179,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3292,11 +3259,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3510,10 +3477,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -3521,11 +3486,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -3562,17 +3525,69 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. - WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. - For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis type: boolean @@ -3580,12 +3595,10 @@ spec: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ items: minLength: 1 @@ -3597,14 +3610,12 @@ spec: Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. type: boolean enforcedBodySizeLimit: @@ -3614,10 +3625,8 @@ spec: Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. - When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. @@ -3633,10 +3642,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. - When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. @@ -3651,10 +3658,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. @@ -3669,10 +3674,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. @@ -3687,10 +3690,8 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. - When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. @@ -3702,16 +3703,13 @@ spec: description: |- When not empty, a label will be added to: - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. @@ -3724,11 +3722,9 @@ spec: unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. - When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. @@ -3743,11 +3739,9 @@ spec: ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. - When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. @@ -3767,7 +3761,6 @@ spec: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. items: description: ObjectReference references a PodMonitor, ServiceMonitor, @@ -3813,11 +3806,9 @@ spec: description: |- Maximum number of exemplars stored in memory for all series. - exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. - If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. format: int64 @@ -3867,13 +3858,12 @@ spec: description: |- Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to - `ClusterFirstWithHostNet` automatically. + `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + to a different value). type: boolean ignoreNamespaceSelectors: description: |- @@ -3887,11 +3877,9 @@ spec: Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. @@ -3923,9 +3911,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -3941,11 +3927,9 @@ spec: containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -4022,9 +4006,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -4090,9 +4072,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -4132,9 +4112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -4156,9 +4134,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -4443,11 +4419,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4655,11 +4631,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4807,11 +4783,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4822,6 +4796,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4945,7 +4925,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -5027,7 +5007,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -5108,11 +5087,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -5326,10 +5305,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5337,11 +5314,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -5380,10 +5355,8 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. format: int64 @@ -5393,7 +5366,6 @@ spec: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. format: int64 @@ -5403,7 +5375,6 @@ spec: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. format: int64 @@ -5413,7 +5384,6 @@ spec: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. format: int64 @@ -5453,7 +5423,6 @@ spec: without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. format: int32 @@ -5463,6 +5432,21 @@ spec: type: string description: Defines on which Nodes the Pods are scheduled. type: object + otlp: + description: |- + Settings related to the OTLP receiver feature. + It requires Prometheus >= v2.55.0. + properties: + promoteResourceAttributes: + description: List of OpenTelemetry Attributes that should be promoted + to metric labels, defaults to none. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object overrideHonorLabels: description: |- When true, Prometheus resolves label conflicts by renaming the labels in the scraped data @@ -5509,7 +5493,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the Prometheus pods. - The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. @@ -5602,7 +5585,6 @@ spec: PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5725,7 +5707,6 @@ spec: Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -5784,7 +5765,6 @@ spec: name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus" type: string prometheusRulesExcludedFromEnforce: @@ -5839,7 +5819,6 @@ spec: description: |- queryLogFile specifies where the file to which PromQL queries are logged. - If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. '/var/log/prometheus/query.log', you @@ -5869,10 +5848,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -5890,9 +5867,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5910,10 +5885,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -5921,7 +5894,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -5940,9 +5912,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5968,9 +5938,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5986,28 +5954,24 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read the bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string filterExternalLabels: description: |- Whether to use the external labels as selectors for the remote read endpoint. - It requires Prometheus >= v2.34.0. type: boolean followRedirects: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -6024,7 +5988,6 @@ spec: name is used in metrics and logging in order to differentiate read configurations. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -6033,17 +5996,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -6065,9 +6025,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6091,9 +6049,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6120,9 +6076,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6139,73 +6093,284 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string readRecent: @@ -6245,9 +6410,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6271,9 +6434,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6305,9 +6466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6331,9 +6490,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6370,9 +6527,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6382,6 +6537,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6404,10 +6581,8 @@ spec: description: |- Authorization section for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. properties: credentials: @@ -6425,9 +6600,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6445,10 +6618,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -6456,10 +6627,8 @@ spec: description: |- AzureAD for the URL. - It requires Prometheus >= v2.45.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. properties: cloud: @@ -6486,7 +6655,6 @@ spec: OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. - It requires Prometheus >= v2.48.0. properties: clientId: @@ -6511,9 +6679,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6541,7 +6707,6 @@ spec: See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. - It requires Prometheus >= 2.52.0. properties: tenantId: @@ -6556,7 +6721,6 @@ spec: description: |- BasicAuth configuration for the URL. - Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. properties: password: @@ -6575,9 +6739,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6603,9 +6765,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6621,14 +6781,12 @@ spec: *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* - Deprecated: this will be removed in a future release. type: string bearerTokenFile: description: |- File from which to read bearer token for the URL. - Deprecated: this will be removed in a future release. Prefer using `authorization`. type: string enableHTTP2: @@ -6638,7 +6796,6 @@ spec: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.26.0. type: boolean headers: @@ -6648,9 +6805,26 @@ spec: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. - It requires Prometheus >= v2.25.0. type: object + messageVersion: + description: |- + The Remote Write message's version to use when writing to the endpoint. + + `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + + When `Version2.0` is selected, Prometheus will automatically be + configured to append the metadata of scraped metrics to the WAL. + + Before setting this field, consult with your remote storage provider + what message version it supports. + + It requires Prometheus >= v2.54.0. + enum: + - V1.0 + - V2.0 + type: string metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. @@ -6670,7 +6844,6 @@ spec: The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. - It requires Prometheus >= v2.15.0. type: string noProxy: @@ -6679,17 +6852,14 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- OAuth2 configuration for the URL. - It requires Prometheus >= v2.27.0. - Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. properties: clientId: @@ -6711,9 +6881,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6722,9 +6890,243 @@ spec: required: - key type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -6737,9 +7139,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6749,48 +7149,32 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -6817,9 +7201,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6834,24 +7216,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string queueConfig: @@ -6897,7 +7272,6 @@ spec: description: |- Retry upon receiving a 429 status code from the remote-write storage. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: boolean @@ -6915,10 +7289,9 @@ spec: sendExemplars: description: |- Enables sending of exemplars over remote write. Note that - exemplar-storage itself must be enabled using the `spec.enableFeature` + exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. - It requires Prometheus >= v2.27.0. type: boolean sendNativeHistograms: @@ -6926,17 +7299,14 @@ spec: Enables sending of native histograms, also known as sparse histograms over remote write. - It requires Prometheus >= v2.40.0. type: boolean sigv4: description: |- Sigv4 allows to configures AWS's Signature Verification 4 for the URL. - It requires Prometheus >= v2.26.0. - Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. properties: accessKey: @@ -6955,9 +7325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6993,9 +7361,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7027,9 +7393,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7053,9 +7417,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7087,9 +7449,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7113,9 +7473,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7152,9 +7510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7164,12 +7520,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: description: The URL of the endpoint to send samples to. + minLength: 1 type: string writeRelabelConfigs: description: The list of remote write relabel configurations. @@ -7178,7 +7557,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7186,11 +7564,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7220,7 +7596,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7233,7 +7608,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7256,11 +7630,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7269,13 +7641,26 @@ spec: - url type: object type: array + remoteWriteReceiverMessageVersions: + description: |- + List of the protobuf message versions to accept when receiving the + remote writes. + + It requires Prometheus >= v2.54.0. + items: + enum: + - V1.0 + - V2.0 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set replicaExternalLabelName: description: |- Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). - Default: "prometheus_replica" type: string replicas: @@ -7284,7 +7669,6 @@ spec: `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Default: 1 format: int32 type: integer @@ -7297,11 +7681,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -7312,6 +7694,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -7348,7 +7736,6 @@ spec: description: |- How long to retain the Prometheus data. - Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -7360,7 +7747,6 @@ spec: description: |- The route prefix Prometheus registers HTTP handlers for. - This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example @@ -7415,6 +7801,12 @@ spec: type: object type: object x-kubernetes-map-type: atomic + ruleQueryOffset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + It requires Prometheus >= v2.53.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string ruleSelector: description: |- PrometheusRule objects to be selected for rule evaluation. An empty @@ -7471,14 +7863,12 @@ spec: description: |- Defines the parameters of the Prometheus rules' engine. - Any update to these parameters trigger a restart of the pods. properties: forGracePeriod: description: |- Minimum duration between alert and restored 'for' state. - This is maintained only for alerts with a configured 'for' time greater than the grace period. type: string @@ -7494,12 +7884,23 @@ spec: type: string type: object type: object + runtime: + description: RuntimeConfig configures the values for the Prometheus + process behavior + properties: + goGC: + description: |- + The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + See: https://tip.golang.org/doc/gc-guide#GOGC + format: int32 + minimum: -1 + type: integer + type: object sampleLimit: description: |- SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 @@ -7509,36 +7910,46 @@ spec: List of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. items: properties: + attachMetadata: + description: |- + AttachMetadata configures additional metadata to the discovered targets. + When the scrape object defines its own configuration, it takes + precedence over the scrape class configuration. + properties: + node: + description: |- + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. + type: boolean + type: object default: description: |- Default indicates that the scrape applies to all scrape objects that don't configure an explicit scrape class name. - Only one scrape class can be set as the default. type: boolean metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. - The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. Then the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7546,11 +7957,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7580,7 +7989,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7593,7 +8001,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7616,11 +8023,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7633,20 +8038,17 @@ spec: description: |- Relabelings configures the relabeling rules to apply to all scrape targets. - The Operator automatically adds relabelings for a few standard Kubernetes fields like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -7654,11 +8056,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -7688,7 +8088,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -7701,7 +8100,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -7724,11 +8122,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -7739,7 +8135,6 @@ spec: scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. - For now only the `caFile`, `certFile` and `keyFile` fields are supported. properties: ca: @@ -7760,9 +8155,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7786,9 +8179,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7820,9 +8211,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7846,9 +8235,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7885,9 +8272,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7897,6 +8282,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -7914,7 +8321,6 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -7965,7 +8371,6 @@ spec: ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -7975,7 +8380,6 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. properties: matchExpressions: @@ -8026,7 +8430,6 @@ spec: description: |- Interval between consecutive scrapes. - Default: "30s" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -8035,10 +8438,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -8070,6 +8471,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. @@ -8104,12 +8506,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -8196,7 +8596,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -8206,18 +8605,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -8276,6 +8685,17 @@ spec: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string + serviceDiscoveryRole: + description: |- + Defines the service discovery role used to discover targets from + `ServiceMonitor` objects and Alertmanager endpoints. + + If set, the value should be either "Endpoints" or "EndpointSlice". + If unset, the operator assumes the "Endpoints" role. + enum: + - Endpoints + - EndpointSlice + type: string serviceMonitorNamespaceSelector: description: |- Namespaces to match for ServicedMonitors discovery. An empty label selector @@ -8330,7 +8750,6 @@ spec: ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. - If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's @@ -8392,18 +8811,15 @@ spec: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. - Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. - Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. - Default: 1 format: int32 type: integer @@ -8458,7 +8874,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -8468,11 +8883,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -8675,7 +9088,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8931,7 +9344,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -8969,8 +9382,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -8989,12 +9402,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -9014,21 +9427,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -9073,8 +9486,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -9088,13 +9509,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -9133,7 +9554,6 @@ spec: TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. - Note that the global limit only applies to scrape objects that don't specify an explicit limit value. If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. format: int64 @@ -9173,7 +9593,6 @@ spec: BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. - WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value @@ -9195,14 +9614,12 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the gRPC endpoints. - It has no effect if `listenLocal` is true. type: boolean grpcServerTlsConfig: description: |- Configures the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: @@ -9223,9 +9640,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9249,9 +9664,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9283,9 +9696,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9309,9 +9720,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9348,9 +9757,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -9360,6 +9767,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -9369,7 +9798,6 @@ spec: When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the HTTP endpoints. - It has no effect if `listenLocal` is true. type: boolean image: @@ -9378,11 +9806,9 @@ spec: the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` fields. - Specifying `spec.thanos.version` is still necessary to ensure the Prometheus Operator knows which version of Thanos is being configured. - If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, the operator will use the latest upstream version of Thanos available at the time when the operator was released. @@ -9418,10 +9844,8 @@ spec: description: |- Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - objectStorageConfigFile takes precedence over this field. properties: key: @@ -9435,9 +9859,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -9451,10 +9873,8 @@ spec: description: |- Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. - More info: https://thanos.io/tip/thanos/storage.md/ - This field takes precedence over objectStorageConfig. type: string readyTimeout: @@ -9472,11 +9892,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -9487,6 +9905,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -9531,13 +9955,10 @@ spec: description: |- Defines the tracing configuration for the Thanos sidecar. - `tracingConfigFile` takes precedence over this field. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -9552,9 +9973,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -9568,13 +9987,10 @@ spec: description: |- Defines the tracing configuration file for the Thanos sidecar. - This field takes precedence over `tracingConfig`. - More info: https://thanos.io/tip/thanos/tracing.md/ - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -9583,7 +9999,6 @@ spec: Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released. @@ -9624,10 +10039,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -9635,11 +10048,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -9770,7 +10181,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -9810,7 +10220,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -9828,7 +10237,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -9840,7 +10248,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -9888,7 +10295,6 @@ spec: description: |- TracingConfig configures tracing in Prometheus. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -9953,9 +10359,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -9979,9 +10383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10013,9 +10415,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -10039,9 +10439,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -10078,9 +10476,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10090,6 +10486,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -10099,24 +10517,21 @@ spec: type: object tsdb: description: |- - Defines the runtime reloadable configuration of the timeseries database - (TSDB). + Defines the runtime reloadable configuration of the timeseries database(TSDB). + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. properties: outOfOrderTimeWindow: description: |- Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. - An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). - This is an *experimental feature*, it may change in any upcoming release in a breaking way. - - It requires Prometheus >= v2.39.0. + It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object @@ -10125,7 +10540,6 @@ spec: Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. - If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released. @@ -10134,7 +10548,6 @@ spec: description: |- VolumeMounts allows the configuration of additional VolumeMounts. - VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. items: @@ -10168,10 +10581,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -10179,11 +10590,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -10224,7 +10633,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -10264,6 +10672,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -10276,6 +10685,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -10343,9 +10753,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10387,9 +10795,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10461,9 +10867,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -10502,9 +10906,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10641,7 +11043,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -10652,17 +11053,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -10676,7 +11074,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -10686,11 +11083,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -10893,7 +11288,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10919,7 +11314,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -10987,9 +11381,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11023,7 +11415,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -11104,9 +11495,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -11123,6 +11511,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -11143,7 +11566,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -11155,6 +11577,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -11187,9 +11610,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11306,24 +11727,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -11457,9 +11878,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -11597,9 +12016,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -11689,7 +12106,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -11697,6 +12113,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -11711,6 +12128,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -11736,13 +12154,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -11757,6 +12174,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -11788,9 +12206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11799,6 +12215,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -11912,9 +12329,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -11966,10 +12381,8 @@ spec: description: |- Configures compression of the write-ahead log (WAL) using Snappy. - WAL compression is enabled by default for Prometheus >= 2.20.0 - Requires Prometheus v2.11.0 and above. type: boolean web: @@ -12058,9 +12471,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -12084,9 +12495,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -12097,6 +12506,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -12123,9 +12537,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -12149,9 +12561,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -12168,6 +12578,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -12176,6 +12591,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -12190,9 +12610,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12217,9 +12635,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml index c8c1e4d278e..06680b72f58 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22,8 +22,10 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PrometheusRule defines recording and alerting rules for a Prometheus - instance + description: |- + The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. + + `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -73,6 +75,14 @@ spec: More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response pattern: ^(?i)(abort|warn)?$ type: string + query_offset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + + It requires Prometheus >= v2.53.0. + It is not supported for ThanosRuler. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string rules: description: List of alerting and recording rules. items: diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml index 2be9f9f42c7..ddd8cec5f9f 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47,21 +47,192 @@ spec: description: ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration. properties: - NomadSDConfigs: - description: NomadSDConfigs defines a list of Nomad service discovery + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace that contains + the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + azureSDConfigs: + description: AzureSDConfigs defines a list of Azure service discovery configurations. items: description: |- - NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config + AzureSDConfig allow retrieving scrape targets from Azure VMs. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config + properties: + authenticationMethod: + description: |- + # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. + See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + SDK authentication method uses environment variables by default. + See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication + enum: + - OAuth + - ManagedIdentity + - SDK + type: string + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. + type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + environment: + description: The Azure environment. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + type: integer + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + resourceGroup: + description: Optional resource group name. Limits discovery + to this resource group. + type: string + subscriptionID: + description: The subscription ID. Always required. + minLength: 1 + type: string + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. + type: string + required: + - subscriptionID + type: object + type: array + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. + items: + description: |- + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: allowStale: description: |- - The information to access the Nomad API. It is to be defined - as the Nomad documentation requires. + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. type: boolean authorization: - description: Authorization header to use on every scrape request. + description: Authorization header configuration to authenticate + against the Consul Server. properties: credentials: description: Selects a key of a Secret in the namespace @@ -78,9 +249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -94,15 +263,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints properties: password: description: |- @@ -120,9 +289,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -148,9 +315,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -161,14 +326,22 @@ spec: type: object x-kubernetes-map-type: atomic type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean namespace: + description: Namespaces are only supported in Consul Enterprise. type: string noProxy: description: |- @@ -176,13 +349,17 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: Node metadata key/value pairs to filter nodes for + a given service. + type: object + x-kubernetes-map-type: atomic oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + description: Optional OAuth 2.0 configuration. properties: clientId: description: |- @@ -203,9 +380,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -229,9 +404,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -258,9 +431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -277,22 +448,245 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 type: string required: - clientId - clientSecret - tokenUrl type: object + partition: + description: Admin Partitions are only supported in Consul Enterprise. + type: string proxyConnectHeader: additionalProperties: items: @@ -309,9 +703,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -326,42 +718,58 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: description: |- - Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. - Supported units: y, w, d, h, m, s, ms - Examples: `30s`, `1m`, `1h20m15s`, `15d` + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS type: string server: + description: A valid string consisting of a hostname or IP followed + by an optional port number. minLength: 1 type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: atomic tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. type: string + tags: + description: An optional list of tags used to filter nodes for + a given service. Services must contain all tags in the list. + items: + type: string + type: array + x-kubernetes-list-type: atomic tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS Config properties: ca: description: Certificate authority used when verifying server @@ -381,9 +789,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -407,9 +813,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -437,9 +841,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -463,9 +865,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -494,9 +894,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -506,81 +904,35 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server - type: object - type: array - authorization: - description: Authorization header to use on every scrape request. - properties: - credentials: - description: Selects a key of a Secret in the namespace that contains - the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" - type: string - type: object - azureSDConfigs: - description: AzureSDConfigs defines a list of Azure service discovery - configurations. - items: - description: |- - AzureSDConfig allow retrieving scrape targets from Azure VMs. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config - properties: - authenticationMethod: - description: |- - # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`. - See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - SDK authentication method uses environment variables by default. - See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication - enum: - - OAuth - - ManagedIdentity - - SDK - type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. properties: key: description: The key of the secret to select from. Must @@ -593,9 +945,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -605,111 +955,23 @@ spec: - key type: object x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string required: - - subscriptionID + - server type: object type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: - allowStale: + authorization: description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean - authorization: - description: Authorization header configuration to authenticate - against the Consul Server. + Authorization header configuration to authenticate against the DigitalOcean API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -726,9 +988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -742,110 +1002,30 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the Consul Server. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. - type: string enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: Namespaces are only supported in Consul Enterprise. - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: Node metadata key/value pairs to filter nodes for - a given service. - type: object - x-kubernetes-map-type: atomic oauth2: - description: Optional OAuth 2.0 configuration. + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -866,9 +1046,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -892,9 +1070,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -921,9 +1097,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -940,12 +1114,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -956,9 +1350,9 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - type: string + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -975,9 +1369,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -992,65 +1384,25 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS - type: string - server: - description: A valid string consisting of a hostname or IP followed - by an optional port number. - minLength: 1 - type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. - type: string - tags: - description: An optional list of tags used to filter nodes for - a given service. Services must contain all tags in the list. - items: - type: string - type: array - x-kubernetes-list-type: atomic tlsConfig: - description: TLS Config + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -1070,9 +1422,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1096,9 +1446,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1126,9 +1474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1152,9 +1498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1183,9 +1527,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1195,53 +1537,95 @@ spec: - key type: object x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic - required: - - server type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string + required: + - names + type: object + type: array + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. + items: + description: |- + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. + Authorization header configuration to authenticate against the Docker API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -1259,9 +1643,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1275,28 +1657,121 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean + filters: + description: Optional filters to limit the discovery process + to a subset of the available resources. + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + host: + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. + type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -1322,9 +1797,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1348,9 +1821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1377,9 +1848,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1396,12 +1865,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1431,9 +2120,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1448,28 +2135,21 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -1493,9 +2173,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1519,9 +2197,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1549,9 +2225,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1575,9 +2249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1606,9 +2278,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1618,70 +2288,47 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object + required: + - host type: object type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - - When set to NS, It requires Prometheus >= 2.49.0. - enum: - - SRV - - A - - AAAA - - MX - - NS - type: string - required: - - names - type: object - type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. - items: - description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the Docker API. - Cannot be set at the same time as `oauth2`. + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: credentials: description: Selects a key of a Secret in the namespace @@ -1698,9 +2345,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1714,15 +2359,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: Optional HTTP basic authentication information. properties: password: description: |- @@ -1740,9 +2383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1768,9 +2409,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1785,34 +2424,43 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. + description: |- + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: - description: DockerFilter is the configuration to limit the - discovery process to a subset of available resources. + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. properties: name: + description: Name of the Filter. type: string values: + description: Value to filter on. items: + minLength: 1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set required: - name - values type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ type: string noProxy: description: |- @@ -1820,13 +2468,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -1847,9 +2494,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1873,9 +2518,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1902,9 +2545,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1921,12 +2562,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -1938,7 +2799,12 @@ spec: - tokenUrl type: object port: - description: The port to scrape metrics from. + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -1956,9 +2822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1973,32 +2837,34 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: The time after which the service discovery data + is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -2018,9 +2884,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2044,9 +2908,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2074,9 +2936,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2100,9 +2960,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2131,9 +2989,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2143,29 +2999,1148 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - host + - role type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. properties: - authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + accessKey: + description: AccessKey is the AWS API key. properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: Refresh interval to re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: The URL to connect to the Eureka server. + minLength: 1 + type: string + tlsConfig: + description: TLS configuration applying to the target HTTP endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - server + type: object + type: array + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config + + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery + configurations. + items: + description: |- + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + properties: + authorization: + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -2178,9 +4153,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2194,15 +4167,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -2220,9 +4193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2248,9 +4219,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2264,54 +4233,22 @@ spec: enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList - items: - description: Filter is the configuration to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name is the key of the field to check against. - type: string - values: - description: Values is the value or set of values to check - for a match. - items: - type: string - minItems: 1 - type: array - required: - - name - - values - type: object - type: array followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -2332,9 +4269,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2358,9 +4293,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2387,9 +4320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2406,12 +4337,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -2423,12 +4574,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -2446,9 +4592,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2463,41 +4607,33 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. + description: The Hetzner role of entities that should be discovered. enum: - - Services - - Tasks - - Nodes + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -2517,9 +4653,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2543,9 +4677,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2573,9 +4705,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -2599,9 +4729,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2630,9 +4758,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2642,137 +4768,56 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - host - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. - items: - description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - filters: - description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - items: - description: EC2Filter is the configuration for filtering - EC2 instances. - properties: - name: - type: string - values: - items: - type: string - type: array - required: - - name - - values - type: object - type: array - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - region: - description: The AWS region - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. - type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: array - enableCompression: - description: |- - When false, Prometheus will request uncompressed response from the scraped target. - - - It requires Prometheus >= v2.49.0. - - - If unset, Prometheus uses true by default. + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -2789,9 +4834,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2805,15 +4848,16 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -2831,9 +4875,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2859,9 +4901,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2885,13 +4925,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -2912,20 +4951,252 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -2938,9 +5209,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -2950,48 +5219,32 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -3018,9 +5271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3035,34 +5286,25 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 - type: string tlsConfig: description: TLS configuration applying to the target HTTP endpoint. properties: @@ -3084,9 +5326,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3110,9 +5350,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3140,9 +5378,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3166,9 +5402,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3197,9 +5431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3209,111 +5441,52 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server - type: object - type: array - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. + url: + description: URL from which the targets are fetched. minLength: 1 + pattern: ^http(s)?://.+$ type: string required: - - project - - zone + - url type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -3330,9 +5503,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3346,50 +5517,40 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string + enableHTTP2: + description: Configure whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. + type: boolean + noProxy: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: Port to scrape the metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -3402,9 +5563,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3414,32 +5573,35 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ type: string - oauth2: - description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + refreshInterval: + description: Refresh interval to re-read the list of resources. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration to use when connecting to the + IONOS API. properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -3455,9 +5617,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3481,9 +5641,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3494,10 +5652,64 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. properties: key: description: The key of the secret to select from. Must @@ -3510,9 +5722,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3522,36 +5732,93 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string + maxVersion: description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - required: - - clientId - - clientSecret - - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + required: + - authorization + - datacenterID + type: object + type: array + jobName: + description: |- + The value of the `job` label assigned to the scraped metrics by default. + + The `job_name` field in the rendered scrape configuration is always controlled by the + operator to prevent duplicate job names, which Prometheus does not allow. Instead the + `job` label is set by means of relabeling configs. + minLength: 1 + type: string + keepDroppedTargets: + description: |- + Per-scrape limit on the number of targets dropped by relabeling + that will be kept in memory. 0 means no limit. + + It requires Prometheus >= v2.47.0. + format: int64 + type: integer + kubernetesSDConfigs: + description: KubernetesSDConfigs defines a list of Kubernetes service + discovery configurations. + items: + description: |- + KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + properties: + apiServer: + description: |- + The API server address consisting of a hostname or IP address followed + by an optional port number. + If left empty, Prometheus is assumed to run inside + of the cluster. It will discover API servers automatically and use the pod's + CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + minLength: 1 + type: string + attachMetadata: + description: |- + Optional metadata to attach to discovered targets. + It requires Prometheus >= v2.35.0 when using the `Pod` role and + Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + properties: + node: + description: |- + Attaches node metadata to discovered targets. + When set to true, Prometheus must have the `get` permission on the + `Nodes` objects. + Only valid for Pod, Endpoint and Endpointslice roles. + type: boolean + type: object + authorization: + description: |- + Authorization header to use on every scrape request. + Cannot be set at the same time as `basicAuth`, or `oauth2`. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -3564,9 +5831,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3576,49 +5841,114 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. + type: + description: |- + Defines the authentication type. The value is case-insensitive. + "Basic" is not a supported value. - It requires Prometheus >= v2.43.0. + Default: "Bearer" + type: string type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: + basicAuth: description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - - It requires Prometheus >= v2.43.0. + BasicAuth information to use on every scrape request. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - proxyUrl: + namespaces: + description: Optional namespace discovery. If omitted, Prometheus + discovers targets across all namespaces. + properties: + names: + description: |- + List of namespaces where to watch for resources. + If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + ownNamespace: + description: Includes the namespace in which the Prometheus + pod runs to the list of watched namespaces. + type: boolean + type: object + noProxy: description: |- - `proxyURL` defines the HTTP proxy server to use. - + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - It requires Prometheus >= v2.43.0. - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: The time after which the servers are refreshed. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - tlsConfig: - description: TLS configuration to use on every scrape request. + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: - ca: - description: Certificate authority used when verifying server - certificates. + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. properties: configMap: description: ConfigMap containing data to use for the @@ -3634,9 +5964,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3660,9 +5988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3673,15 +5999,55 @@ spec: type: object x-kubernetes-map-type: atomic type: object - cert: - description: Client certificate to present when doing client-authentication. + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. properties: - configMap: - description: ConfigMap containing data to use for the - targets. + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key to select. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: default: "" @@ -3690,20 +6056,160 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. properties: key: description: The key of the secret to select from. Must @@ -3716,186 +6222,52 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - role - type: object - type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery - configurations. - items: - description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config - properties: - authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - - "Basic" is not a supported value. - - - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl type: object - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - - It requires Prometheus >= v2.43.0. - type: string proxyConnectHeader: additionalProperties: items: @@ -3912,9 +6284,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3929,34 +6299,72 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - refreshInterval: + role: description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + Role of the Kubernetes entities that should be discovered. + Role `Endpointslice` requires Prometheus >= v2.21.0 + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice type: string + selectors: + description: |- + Selector to select objects. + It requires Prometheus >= v2.17.0 + items: + description: K8SSelectorConfig is Kubernetes Selector Config + properties: + field: + description: |- + An optional field selector to limit the service discovery to resources which have fields with specific values. + e.g: `metadata.name=foobar` + minLength: 1 + type: string + label: + description: |- + An optional label selector to limit the service discovery to resources with specific labels and label values. + e.g: `node.kubernetes.io/instance-type=master` + minLength: 1 + type: string + role: + description: |- + Role specifies the type of Kubernetes resource to limit the service discovery to. + Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + enum: + - Pod + - Endpoints + - Ingress + - Service + - Node + - EndpointSlice + type: string + required: + - role + type: object + type: array + x-kubernetes-list-map-keys: + - role + x-kubernetes-list-type: map tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Kubernetes + API. properties: ca: description: Certificate authority used when verifying server @@ -3976,9 +6384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4002,9 +6408,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4032,9 +6436,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4058,9 +6460,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4089,9 +6489,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4101,72 +6499,46 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string required: - - url + - role type: object type: array - jobName: - description: |- - The value of the `job` label assigned to the scraped metrics by default. - - - The `job_name` field in the rendered scrape configuration is always controlled by the - operator to prevent duplicate job names, which Prometheus does not allow. Instead the - `job` label is set by means of relabeling configs. - minLength: 1 - type: string - keepDroppedTargets: - description: |- - Per-scrape limit on the number of targets dropped by relabeling - that will be kept in memory. 0 means no limit. - - - It requires Prometheus >= v2.47.0. - format: int64 - type: integer - kubernetesSDConfigs: - description: KubernetesSDConfigs defines a list of Kubernetes service - discovery configurations. + kumaSDConfigs: + description: KumaSDConfigs defines a list of Kuma service discovery + configurations. items: description: |- - KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config + KumaSDConfig allow retrieving scrape targets from Kuma's control plane. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config properties: - apiServer: - description: |- - The API server address consisting of a hostname or IP address followed - by an optional port number. - If left empty, Prometheus is assumed to run inside - of the cluster. It will discover API servers automatically and use the pod's - CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - type: string - attachMetadata: - description: |- - Optional metadata to attach to discovered targets. - It requires Prometheus >= v2.35.0 for `pod` role and - Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. - properties: - node: - description: |- - Attaches node metadata to discovered targets. - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. - Only valid for Pod, Endpoint and Endpointslice roles. - type: boolean - type: object authorization: - description: |- - Authorization header to use on every scrape request. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization header to use on every scrape request. properties: credentials: description: Selects a key of a Secret in the namespace @@ -4183,9 +6555,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4199,17 +6569,13 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: |- - BasicAuth information to use on every scrape request. - Cannot be set at the same time as `authorization`, or `oauth2`. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -4227,9 +6593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4255,9 +6619,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4268,37 +6630,29 @@ spec: type: object x-kubernetes-map-type: atomic type: object + clientID: + description: Client id is used by Kuma Control Plane to compute + Monitoring Assignment for specific Prometheus backend. + type: string enableHTTP2: description: Whether to enable HTTP2. type: boolean + fetchTimeout: + description: The time after which the monitoring assignments + are refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - namespaces: - description: Optional namespace discovery. If omitted, Prometheus - discovers targets across all namespaces. - properties: - names: - description: |- - List of namespaces where to watch for resources. - If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. - items: - type: string - type: array - ownNamespace: - description: Includes the namespace in which the Prometheus - pod exists to the list of watched namesapces. - type: boolean - type: object noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- @@ -4324,9 +6678,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4350,9 +6702,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4379,9 +6729,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4398,12 +6746,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4430,9 +6998,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4447,77 +7013,29 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - role: - description: Role of the Kubernetes entities that should be - discovered. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress + refreshInterval: + description: The time to wait between polling update requests. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + server: + description: Address of the Kuma Control Plane's MADS xDS server. + minLength: 1 type: string - selectors: - description: Selector to select objects. - items: - description: K8SSelectorConfig is Kubernetes Selector Config - properties: - field: - type: string - label: - type: string - role: - description: Role is role of the service in Kubernetes. - enum: - - Node - - node - - Service - - service - - Pod - - pod - - Endpoints - - endpoints - - EndpointSlice - - endpointslice - - Ingress - - ingress - type: string - required: - - role - type: object - type: array - x-kubernetes-list-map-keys: - - role - x-kubernetes-list-type: map tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -4537,9 +7055,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4563,9 +7079,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4593,9 +7107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4619,9 +7131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4650,9 +7160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4662,24 +7170,90 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - - role + - server type: object type: array - kumaSDConfigs: - description: KumaSDConfigs defines a list of Kuma service discovery - configurations. + labelLimit: + description: |- + Per-scrape limit on number of labels that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: |- + Per-scrape limit on length of labels name that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: |- + Per-scrape limit on length of labels value that will be accepted for a sample. + Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + lightSailSDConfigs: + description: LightsailSDConfigs defines a list of Lightsail service + discovery configurations. items: description: |- - KumaSDConfig allow retrieving scrape targets from Kuma's control plane. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config + LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic authorization: - description: Authorization header to use on every scrape request. + description: |- + Optional `authorization` HTTP header configuration. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -4696,9 +7270,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4712,15 +7284,15 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + Optional HTTP basic authentication information. + Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: description: |- @@ -4738,9 +7310,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4766,9 +7336,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4779,21 +7347,16 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientID: - description: Client id is used by Kuma Control Plane to compute - Monitoring Assignment for specific Prometheus backend. - type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean - fetchTimeout: - description: The time after which the monitoring assignments - are refreshed. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + endpoint: + description: Custom endpoint to be used. + minLength: 1 type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -4801,13 +7364,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -4828,9 +7390,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -4854,9 +7414,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -4883,9 +7441,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4902,12 +7458,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -4918,6 +7694,14 @@ spec: - clientSecret - tokenUrl type: object + port: + description: |- + Port to scrape the metrics from. + If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -4934,9 +7718,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -4951,36 +7733,56 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time to wait between polling update requests. + description: Refresh interval to re-read the list of instances. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: Address of the Kuma Control Plane's MADS xDS server. + region: + description: The AWS region. minLength: 1 type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration to connect to the Puppet DB. properties: ca: description: Certificate authority used when verifying server @@ -5000,9 +7802,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5026,9 +7826,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5056,9 +7854,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5082,9 +7878,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5113,9 +7907,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5125,71 +7917,44 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - required: - - server type: object type: array - labelLimit: - description: |- - Per-scrape limit on number of labels that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelNameLengthLimit: - description: |- - Per-scrape limit on length of labels name that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - labelValueLengthLimit: - description: |- - Per-scrape limit on length of labels value that will be accepted for a sample. - Only valid in Prometheus versions 2.27.0 and newer. - format: int64 - type: integer - lightSailSDConfigs: - description: LightsailSDConfigs defines a list of Lightsail service - discovery configurations. + linodeSDConfigs: + description: LinodeSDConfigs defines a list of Linode service discovery + configurations. items: description: |- - LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config - TODO: Need to document that we will not be supporting the `_file` fields. + LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic authorization: - description: |- - Optional `authorization` HTTP header configuration. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + description: Authorization header configuration. properties: credentials: description: Selects a key of a Secret in the namespace @@ -5206,9 +7971,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5222,85 +7985,17 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object - basicAuth: - description: |- - Optional HTTP basic authentication information. - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: - description: Configure whether to enable HTTP2. + description: Whether to enable HTTP2. type: boolean - endpoint: - description: Custom endpoint to be used. - minLength: 1 - type: string followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean noProxy: description: |- @@ -5308,13 +8003,12 @@ spec: that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration. + Cannot be used at the same time as `authorization`. properties: clientId: description: |- @@ -5335,9 +8029,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5361,9 +8053,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5390,9 +8080,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5409,12 +8097,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5426,9 +8334,7 @@ spec: - tokenUrl type: object port: - description: |- - Port to scrape the metrics from. - If using the public IP address, this must instead be specified in the relabeling rule. + description: Default port to scrape metrics from. format: int32 maximum: 65535 minimum: 0 @@ -5449,9 +8355,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5466,65 +8370,34 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the list of instances. + description: Time after which the linode instances are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string region: - description: The AWS region. + description: Optional region to filter on. minLength: 1 type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + tagSeparator: + description: The string by which Linode Instance tags are joined + into the tag label. + minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: TLS configuration to connect to the Puppet DB. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -5544,9 +8417,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5570,9 +8441,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5600,9 +8469,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5626,9 +8493,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5657,9 +8522,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5669,22 +8532,166 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object type: object type: array - linodeSDConfigs: - description: LinodeSDConfigs defines a list of Linode service discovery + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + metricsPath: + description: MetricsPath HTTP path to scrape for metrics. If empty, + Prometheus uses the default value (e.g. /metrics). + minLength: 1 + type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + nomadSDConfigs: + description: NomadSDConfigs defines a list of Nomad service discovery configurations. items: description: |- - LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config + NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config properties: + allowStale: + description: |- + The information to access the Nomad API. It is to be defined + as the Nomad documentation requires. + type: boolean authorization: - description: Authorization header configuration. + description: Authorization header to use on every scrape request. properties: credentials: description: Selects a key of a Secret in the namespace @@ -5701,9 +8708,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5717,13 +8722,67 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean @@ -5731,19 +8790,20 @@ spec: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean + namespace: + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be used at the same time as `authorization`. + Cannot be set at the same time as `authorization` or `basic_auth`. properties: clientId: description: |- @@ -5764,9 +8824,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5790,9 +8848,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -5819,9 +8875,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5838,12 +8892,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -5854,12 +9128,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: Default port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer proxyConnectHeader: additionalProperties: items: @@ -5876,9 +9144,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -5893,38 +9159,32 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the linode instances are refreshed. + description: |- + Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. + Supported units: y, w, d, h, m, s, ms + Examples: `30s`, `1m`, `1h20m15s`, `15d` pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string region: - description: Optional region to filter on. + type: string + server: minLength: 1 type: string tagSeparator: - description: The string by which Linode Instance tags are joined - into the tag label. - minLength: 1 type: string tlsConfig: description: TLS configuration applying to the target HTTP endpoint. @@ -5947,9 +9207,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -5973,9 +9231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6003,9 +9259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6029,9 +9283,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6060,9 +9312,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6072,118 +9322,357 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. + oauth2: + description: OAuth2 configuration to use on every scrape request. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - Regex capture groups are available. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for the + token request.' + items: type: string - type: object - type: array - metricsPath: - description: MetricsPath HTTP path to scrape for metrics. If empty, - Prometheus uses the default value (e.g. /metrics). - type: string - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - - It requires Prometheus >= v2.43.0. - type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the token + from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object openstackSDConfigs: description: OpenStackSDConfigs defines a list of OpenStack service discovery configurations. @@ -6223,9 +9712,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6274,9 +9761,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6338,9 +9823,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6364,9 +9847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6394,9 +9875,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6420,9 +9899,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6451,9 +9928,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6463,6 +9938,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -6508,9 +10005,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6534,9 +10029,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6596,9 +10089,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -6613,24 +10104,17 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string puppetDBSDConfigs: @@ -6661,9 +10145,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6677,50 +10159,428 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. + Default: "Bearer" + type: string + type: object + basicAuth: + description: |- + Optional HTTP basic authentication information. + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Configure whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. + type: boolean + includeParameters: + description: |- + Whether to include the parameters as meta labels. + Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure + that you don't have secrets exposed as parameters if you enable this. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - Optional HTTP basic authentication information. - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 type: string - name: - default: "" + minVersion: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: Port to scrape the metrics from. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -6733,9 +10593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6745,38 +10603,40 @@ spec: - key type: object x-kubernetes-map-type: atomic - type: object - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - includeParameters: - description: |- - Whether to include the parameters as meta labels. - Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure - that you don't have secrets exposed as parameters if you enable this. - type: boolean - noProxy: + type: array description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ type: string - oauth2: + query: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Puppet Query Language (PQL) query. Only resources are supported. + https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html + minLength: 1 + type: string + refreshInterval: + description: Refresh interval to re-read the list of resources. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS configuration to connect to the Puppet DB. properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. + ca: + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -6792,9 +10652,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6818,9 +10676,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6831,10 +10687,64 @@ spec: type: object x-kubernetes-map-type: atomic type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. properties: key: description: The key of the secret to select from. Must @@ -6847,9 +10757,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6859,35 +10767,184 @@ spec: - key type: object x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string + maxVersion: description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. type: string - required: - - clientId - - clientSecret - - tokenUrl type: object + url: + description: The URL of the PuppetDB root query endpoint. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string + required: + - query + - url + type: object + type: array + relabelings: + description: |- + RelabelConfigs defines how to rewrite the target's labels before scraping. + Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. + The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. + type: string + type: object + minItems: 1 + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scalewaySDConfigs: + description: ScalewaySDConfigs defines a list of Scaleway instances + and baremetal service discovery configurations. + items: + description: |- + ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config + properties: + accessKey: + description: Access key to use. https://console.scaleway.com/project/credentials + minLength: 1 + type: string + apiURL: + description: API URL to use when doing the server listing requests. + pattern: ^http(s)?://.+$ + type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + nameFilter: + description: NameFilter specify a name filter (works as a LIKE) + to apply on the server listing request. + minLength: 1 + type: string + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string port: - description: Port to scrape the metrics from. + description: The port to scrape metrics from. format: int32 maximum: 65535 minimum: 0 type: integer + projectID: + description: Project ID of the targets. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -6904,9 +10961,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -6921,38 +10976,66 @@ spec: ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: object x-kubernetes-map-type: atomic proxyFromEnvironment: description: |- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.43.0. + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: boolean proxyUrl: - description: |- - `proxyURL` defines the HTTP proxy server to use. - - - It requires Prometheus >= v2.43.0. + description: '`proxyURL` defines the HTTP proxy server to use.' pattern: ^http(s)?://.+$ type: string - query: - description: |- - Puppet Query Language (PQL) query. Only resources are supported. - https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html - minLength: 1 - type: string refreshInterval: - description: Refresh interval to re-read the list of resources. + description: Refresh interval to re-read the list of instances. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + role: + description: Service of the targets to retrieve. Must be `Instance` + or `Baremetal`. + enum: + - Instance + - Baremetal + type: string + secretKey: + description: Secret key to use when listing targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tagsFilter: + description: TagsFilter specify a tag filter (a server needs + to have all defined tags to be listed) to apply on the server + listing request. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Puppet DB. + description: TLS configuration to use on every scrape request properties: ca: description: Certificate authority used when verifying server @@ -6972,9 +11055,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -6998,9 +11079,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7028,9 +11107,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7054,9 +11131,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7085,9 +11160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7097,122 +11170,44 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string type: object - url: - description: The URL of the PuppetDB root query endpoint. + zone: + description: Zone is the availability zone of your targets (e.g. + fr-par-1). minLength: 1 - pattern: ^http(s)?://.+$ type: string required: - - query - - url - type: object - type: array - relabelings: - description: |- - RelabelConfigs defines how to rewrite the target's labels before scraping. - Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - - Regex capture groups are available. - type: string + - accessKey + - projectID + - role + - secretKey type: object type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer scheme: description: |- Configures the protocol scheme used for requests. @@ -7225,6 +11220,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeInterval: description: ScrapeInterval is the interval between consecutive scrapes. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -7234,10 +11234,8 @@ spec: The protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -7253,6 +11251,7 @@ spec: - OpenMetricsText1.0.0 - PrometheusText0.0.4 type: string + minItems: 1 type: array x-kubernetes-list-type: set scrapeTimeout: @@ -7278,10 +11277,15 @@ spec: targets: description: List of targets for this static configuration. items: - description: Target represents a target for Prometheus to - scrape + description: |- + Target represents a target for Prometheus to scrape + kubebuilder:validation:MinLength:=1 type: string + minItems: 1 type: array + x-kubernetes-list-type: set + required: + - targets type: object type: array targetLimit: @@ -7309,9 +11313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -7335,9 +11337,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7364,9 +11364,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -7390,9 +11388,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7420,9 +11416,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -7432,6 +11426,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml index 10b640d686b..8a603599d54 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22,7 +22,15 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. + description: |- + The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. + Among other things, it allows to specify: + * The services to scrape via label selectors. + * The container ports to scrape. + * Authentication credentials to use. + * Target and metric relabeling. + + `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. properties: apiVersion: description: |- @@ -51,13 +59,15 @@ spec: `attachMetadata` defines additional metadata which is added to the discovered targets. - It requires Prometheus >= v2.37.0. properties: node: description: |- - When set to true, Prometheus must have the `get` permission on the - `Nodes` objects. + When set to true, Prometheus attaches node metadata to the discovered + targets. + + The Prometheus service account must have the `list` and `watch` + permissions on the `Nodes` objects. type: boolean type: object bodySizeLimit: @@ -65,12 +75,14 @@ spec: When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string endpoints: - description: List of endpoints part of this ServiceMonitor. + description: |- + List of endpoints part of this ServiceMonitor. + Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. items: description: |- Endpoint defines an endpoint serving Prometheus metrics to be scraped by @@ -81,7 +93,6 @@ spec: `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: @@ -99,9 +110,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -115,10 +124,8 @@ spec: description: |- Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" type: string type: object @@ -127,7 +134,6 @@ spec: `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. properties: password: @@ -146,9 +152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -174,9 +178,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -191,7 +193,6 @@ spec: description: |- File to read bearer token for scraping the target. - Deprecated: use `authorization` instead. type: string bearerTokenSecret: @@ -200,7 +201,6 @@ spec: token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. properties: key: @@ -214,9 +214,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -235,10 +233,8 @@ spec: When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase type: boolean followRedirects: @@ -260,7 +256,6 @@ spec: description: |- Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string @@ -273,7 +268,6 @@ spec: RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -281,11 +275,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -315,7 +307,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -328,7 +319,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -351,11 +341,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -364,10 +352,8 @@ spec: description: |- `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: @@ -389,9 +375,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -415,9 +399,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -444,9 +426,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -463,12 +443,232 @@ spec: `endpointParams` configures the HTTP parameters to append to the token URL. type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string scopes: description: '`scopes` defines the OAuth2 scopes used for the token request.' items: type: string type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object tokenUrl: description: '`tokenURL` configures the URL to fetch the token from.' @@ -490,14 +690,12 @@ spec: description: |- HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). type: string port: description: |- Name of the Service port which this endpoint refers to. - It takes precedence over `targetPort`. type: string proxyUrl: @@ -510,20 +708,16 @@ spec: `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config items: description: |- RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config properties: action: @@ -531,11 +725,9 @@ spec: description: |- Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" enum: - replace @@ -565,7 +757,6 @@ spec: description: |- Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. format: int64 type: integer @@ -578,7 +769,6 @@ spec: Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. type: string separator: @@ -601,11 +791,9 @@ spec: description: |- Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. type: string type: object @@ -614,11 +802,9 @@ spec: description: |- HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. enum: - http @@ -628,7 +814,6 @@ spec: description: |- Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -662,9 +847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -688,9 +871,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -722,9 +903,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -748,9 +927,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -787,9 +964,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -799,6 +974,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -809,7 +1006,6 @@ spec: the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. type: boolean type: object @@ -819,12 +1015,10 @@ spec: `jobLabel` selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the associated Kubernetes `Service`. @@ -834,7 +1028,6 @@ spec: Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. format: int64 type: integer @@ -842,7 +1035,6 @@ spec: description: |- Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -850,7 +1042,6 @@ spec: description: |- Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer @@ -858,14 +1049,13 @@ spec: description: |- Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. format: int64 type: integer namespaceSelector: description: |- - Selector to select which namespaces the Kubernetes `Endpoints` objects - are discovered from. + `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. + By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. properties: any: description: |- @@ -878,6 +1068,23 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podTargetLabels: description: |- `podTargetLabels` defines the labels which are transferred from the @@ -895,15 +1102,18 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. items: description: |- @@ -922,7 +1132,8 @@ spec: type: array x-kubernetes-list-type: set selector: - description: Label selector to select the Kubernetes `Endpoints` objects. + description: Label selector to select the Kubernetes `Endpoints` objects + to scrape metrics from. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml index aece4b9c0c4..d6c6b760b2f 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - operator.prometheus.io/version: 0.75.2 + controller-gen.kubebuilder.io/version: v0.16.4 + operator.prometheus.io/version: 0.78.2 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -49,7 +49,12 @@ spec: name: v1 schema: openAPIV3Schema: - description: ThanosRuler defines a ThanosRuler deployment. + description: |- + The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. + + A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). + + The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. properties: apiVersion: description: |- @@ -382,7 +387,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -397,7 +402,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -563,7 +568,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -578,7 +583,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -741,7 +746,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -756,7 +761,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -922,7 +927,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -937,7 +942,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1054,9 +1059,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -1081,9 +1084,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -1183,9 +1184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -1251,9 +1250,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -1293,9 +1290,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -1317,9 +1312,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -1604,11 +1597,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1816,11 +1809,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -1968,11 +1961,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1983,6 +1974,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2106,7 +2103,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -2188,7 +2185,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -2269,11 +2265,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -2487,10 +2483,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -2498,11 +2492,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -2536,6 +2528,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert @@ -2617,9 +2663,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -2643,9 +2687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2676,9 +2718,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -2702,9 +2742,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2740,9 +2778,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -2752,6 +2788,28 @@ spec: - key type: object x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string serverName: description: Used to verify the hostname for the targets. type: string @@ -2809,9 +2867,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2898,9 +2954,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -2966,9 +3020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -3008,9 +3060,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap must be @@ -3032,9 +3082,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret must be defined @@ -3319,11 +3367,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3531,11 +3579,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -3683,11 +3731,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3698,6 +3744,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3821,7 +3873,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. @@ -3903,7 +3955,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -3984,11 +4035,11 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: @@ -4202,10 +4253,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -4213,11 +4262,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -4308,9 +4355,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -4333,7 +4378,6 @@ spec: description: |- PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. - The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". @@ -4419,9 +4463,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -4451,11 +4493,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -4466,6 +4506,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -4639,12 +4685,10 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 @@ -4731,7 +4775,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4741,18 +4784,28 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -4862,7 +4915,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -4872,11 +4924,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -5079,7 +5129,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5335,7 +5385,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -5373,8 +5423,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -5393,12 +5443,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5418,21 +5468,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -5477,8 +5527,16 @@ spec: status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + PersistentVolumeClaimConditionType defines the condition of PV claim. + Valid values are: + - "Resizing", "FileSystemResizePending" + + If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected: + - "ControllerResizeError", "NodeResizeError" + + If VolumeAttributesClass feature gate is enabled, then following additional values can be expected: + - "ModifyVolumeError", "ModifyingVolume" type: string required: - status @@ -5492,13 +5550,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -5633,7 +5691,6 @@ spec: Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string @@ -5673,7 +5730,6 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -5691,7 +5747,6 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5703,7 +5758,6 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5751,10 +5805,8 @@ spec: description: |- TracingConfig configures tracing in Thanos. - `tracingConfigFile` takes precedence over this field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. properties: @@ -5769,9 +5821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -5784,10 +5834,8 @@ spec: description: |- TracingConfig specifies the path of the tracing configuration file. - This field takes precedence over `tracingConfig`. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. type: string @@ -5830,10 +5878,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5841,11 +5887,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -5885,7 +5929,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -5925,6 +5968,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -5937,6 +5981,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6004,9 +6049,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6048,9 +6091,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6122,9 +6163,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap or its @@ -6163,9 +6202,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6302,7 +6339,6 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6313,17 +6349,14 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6337,7 +6370,6 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6347,11 +6379,9 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. properties: metadata: @@ -6554,7 +6584,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -6580,7 +6610,6 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -6648,9 +6677,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6684,7 +6711,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6765,9 +6791,6 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. properties: path: description: |- @@ -6784,6 +6807,41 @@ spec: required: - path type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -6804,7 +6862,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -6816,6 +6873,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -6848,9 +6906,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6967,24 +7023,24 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -7118,9 +7174,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional specify whether the ConfigMap @@ -7258,9 +7312,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: optional field specify whether the @@ -7350,7 +7402,6 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7358,6 +7409,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7372,6 +7424,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7397,13 +7450,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7418,6 +7470,7 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7449,9 +7502,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7460,6 +7511,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7573,9 +7625,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -7699,9 +7749,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7725,9 +7773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7738,6 +7784,11 @@ spec: type: object x-kubernetes-map-type: atomic type: object + certFile: + description: |- + Path to the TLS certificate file in the Prometheus container for the server. + Mutually exclusive with `cert`. + type: string cipherSuites: description: |- List of supported cipher suites for TLS versions up to TLS 1.2. If empty, @@ -7764,9 +7815,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -7790,9 +7839,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7809,6 +7856,11 @@ spec: For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string + clientCAFile: + description: |- + Path to the CA certificate file for client certificate authentication to the server. + Mutually exclusive with `client_ca`. + type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference @@ -7817,6 +7869,11 @@ spec: items: type: string type: array + keyFile: + description: |- + Path to the TLS key file in the Prometheus container for the server. + Mutually exclusive with `keySecret`. + type: string keySecret: description: Secret containing the TLS key for the server. properties: @@ -7831,9 +7888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -7858,9 +7913,6 @@ spec: cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean - required: - - cert - - keySecret type: object type: object type: object @@ -7877,7 +7929,7 @@ spec: format: int32 type: integer conditions: - description: The current state of the Alertmanager object. + description: The current state of the ThanosRuler object. items: description: |- Condition represents the state of the resources associated with the diff --git a/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml b/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml index 4ba53b36048..924e90a105d 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml b/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml index 114372827ef..7aae2bef970 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator rules: - apiGroups: @@ -55,7 +55,6 @@ rules: resources: - services - services/finalizers - - endpoints verbs: - get - create @@ -97,3 +96,12 @@ rules: - storageclasses verbs: - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update + - delete diff --git a/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml b/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml index 6a4277cd6c4..150d358070a 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default spec: @@ -20,17 +20,19 @@ spec: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.75.2 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.78.2 + - --kubelet-endpoints=true + - --kubelet-endpointslice=false env: - name: GOGC value: "30" - image: quay.io/prometheus-operator/prometheus-operator:v0.75.2 + image: quay.io/prometheus-operator/prometheus-operator:v0.78.2 name: prometheus-operator ports: - containerPort: 8080 diff --git a/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml b/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml index e3eaa216289..9a7482b19a9 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml @@ -5,6 +5,6 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default diff --git a/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml b/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml index 0c973683656..4b9f1008d4e 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default spec: @@ -15,4 +15,4 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 diff --git a/example/rbac/prometheus-operator/prometheus-operator-service.yaml b/example/rbac/prometheus-operator/prometheus-operator-service.yaml index a909c9d60ea..799368907d3 100644 --- a/example/rbac/prometheus-operator/prometheus-operator-service.yaml +++ b/example/rbac/prometheus-operator/prometheus-operator-service.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: 0.75.2 + app.kubernetes.io/version: 0.78.2 name: prometheus-operator namespace: default spec: diff --git a/example/rbac/prometheus/prometheus-cluster-role.yaml b/example/rbac/prometheus/prometheus-cluster-role.yaml index 8d30195950b..176c3b38900 100644 --- a/example/rbac/prometheus/prometheus-cluster-role.yaml +++ b/example/rbac/prometheus/prometheus-cluster-role.yaml @@ -15,6 +15,11 @@ rules: resources: - configmaps verbs: ["get"] +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: ["get", "list", "watch"] - apiGroups: - networking.k8s.io resources: diff --git a/example/user-guides/getting-started/prometheus.yaml b/example/user-guides/getting-started/prometheus.yaml new file mode 100644 index 00000000000..02d4680c5dc --- /dev/null +++ b/example/user-guides/getting-started/prometheus.yaml @@ -0,0 +1,6 @@ +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: prometheus +spec: + serviceAccountName: prometheus diff --git a/go.mod b/go.mod index a96fad5f799..7fb4bf848c8 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module github.com/prometheus-operator/prometheus-operator -go 1.22.0 +go 1.23 -toolchain go1.22.2 +toolchain go1.23.1 require ( github.com/KimMachineGun/automemlimit v0.6.1 github.com/alecthomas/kingpin/v2 v2.4.0 - github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 + github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 github.com/blang/semver/v4 v4.0.0 github.com/cespare/xxhash/v2 v2.3.0 @@ -20,31 +20,31 @@ require ( github.com/kylelemons/godebug v1.1.0 github.com/mitchellh/hashstructure v1.1.0 github.com/oklog/run v1.1.0 - github.com/prometheus-community/prom-label-proxy v0.10.0 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2 - github.com/prometheus-operator/prometheus-operator/pkg/client v0.75.2 + github.com/prometheus-community/prom-label-proxy v0.11.0 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.2 + github.com/prometheus-operator/prometheus-operator/pkg/client v0.78.2 github.com/prometheus/alertmanager v0.27.0 - github.com/prometheus/client_golang v1.19.1 - github.com/prometheus/common v0.54.0 - github.com/prometheus/exporter-toolkit v0.11.0 - github.com/prometheus/prometheus v0.53.0 + github.com/prometheus/client_golang v1.20.5 + github.com/prometheus/common v0.60.1 + github.com/prometheus/exporter-toolkit v0.13.1 + github.com/prometheus/prometheus v0.55.0 github.com/stretchr/testify v1.9.0 - github.com/thanos-io/thanos v0.35.1 - go.uber.org/automaxprocs v1.5.3 - golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 - golang.org/x/net v0.26.0 - golang.org/x/sync v0.7.0 - google.golang.org/protobuf v1.34.2 + github.com/thanos-io/thanos v0.0.0-20240702084127-fcc88c028acc + go.uber.org/automaxprocs v1.6.0 + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 + golang.org/x/net v0.30.0 + golang.org/x/sync v0.8.0 + google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/apiserver v0.30.2 - k8s.io/client-go v0.30.2 - k8s.io/component-base v0.30.2 + k8s.io/api v0.31.2 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.2 + k8s.io/apiserver v0.31.2 + k8s.io/client-go v0.31.2 + k8s.io/component-base v0.31.2 k8s.io/klog/v2 v2.130.1 - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.4 + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 + sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/yaml v1.4.0 ) @@ -54,30 +54,33 @@ require ( github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/godbus/dbus/v5 v5.0.4 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/gorilla/websocket v1.5.0 // indirect + github.com/klauspost/compress v1.17.9 // indirect + github.com/mdlayher/socket v0.4.1 // indirect + github.com/mdlayher/vsock v1.2.1 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/runtime-spec v1.0.2 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect + github.com/x448/float16 v0.8.4 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect ) require ( - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect - github.com/aws/aws-sdk-go v1.53.16 // indirect + github.com/aws/aws-sdk-go v1.55.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dennwc/varint v1.0.0 // indirect github.com/edsrzf/mmap-go v1.1.0 // indirect github.com/efficientgo/core v1.0.0-rc.2 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect - github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -101,12 +104,12 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/jpillora/backoff v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/klauspost/cpuid/v2 v2.2.8 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a // indirect github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/moby/spdystream v0.2.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -117,25 +120,25 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common/sigv4 v0.1.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect - github.com/spf13/cobra v1.7.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/crypto v0.28.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.6.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/v3 v3.5.1 - k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect + k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) @@ -143,5 +146,4 @@ require ( replace ( github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring => ./pkg/apis/monitoring github.com/prometheus-operator/prometheus-operator/pkg/client => ./pkg/client - k8s.io/klog/v2 => github.com/simonpasquier/klog-gokit/v3 v3.4.0 ) diff --git a/go.sum b/go.sum index c6b74c303d4..f4d6b5e88da 100644 --- a/go.sum +++ b/go.sum @@ -13,12 +13,19 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= +cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= +cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= @@ -31,12 +38,12 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -51,15 +58,15 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 h1:ez/4by2iGztzR4L0zgAOR8lTQK9VlyBVVd7G4omaOQs= -github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 h1:t3eaIm0rUkzbrIewtiFmMK5RXHej2XnoXNhxVsAYUfg= +github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30/go.mod h1:fvzegU4vN3H1qMT+8wDmzjAcDONcgo2/SZ/TyfdUOFs= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.53.16 h1:8oZjKQO/ml1WLUZw5hvF7pvYjPf8o9f57Wldoy/q9Qc= -github.com/aws/aws-sdk-go v1.53.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 h1:6df1vn4bBlDDo4tARvBm7l6KA9iVMnE3NWizDeWSrps= github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3/go.mod h1:CIWtjkly68+yqLPbvwwR/fjNJA/idrtULjZWh2v1ys0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -83,7 +90,7 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -104,16 +111,18 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb h1:IT4JYU7k4ikYg1SCxNI1/Tieq/NFvh6dzLdgi7eu0tM= github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb/go.mod h1:bH6Xx7IW64qjjJq8M2u4dxNaBiDfKK+z/3eGDpXEQhc= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -155,7 +164,6 @@ github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= @@ -226,14 +234,17 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= @@ -265,10 +276,10 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM= +github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= @@ -284,6 +295,10 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= +github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= +github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ= +github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE= github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a h1:0usWxe5SGXKQovz3p+BiQ81Jy845xSMu2CWKuXsXuUM= github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a/go.mod h1:3OETvrxfELvGsU2RoGGWercfeZ4bCL3+SOwzIWtJH/Q= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= @@ -294,8 +309,8 @@ github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9km github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -315,8 +330,8 @@ github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DV github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -338,8 +353,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus-community/prom-label-proxy v0.10.0 h1:49S1uMRHuTUKoWU9Oj3hrKM2m8F3qkY3TPAOyKQnAVo= -github.com/prometheus-community/prom-label-proxy v0.10.0/go.mod h1:hUQJDmGpo2bVBA03jBur8vvicfA8dbJdDg5hCjPZPw8= +github.com/prometheus-community/prom-label-proxy v0.11.0 h1:IO02WiiFMfcIqvjhwMbCYnDJiTNcSHBrkCGRQ/7KDd0= +github.com/prometheus-community/prom-label-proxy v0.11.0/go.mod h1:lfvrG70XqsxWDrSh1843QXBG0fSg8EbIXmAo8xGsvw8= github.com/prometheus/alertmanager v0.27.0 h1:V6nTa2J5V4s8TG4C4HtrBP/WNSebCCTYGGv4qecA/+I= github.com/prometheus/alertmanager v0.27.0/go.mod h1:8Ia/R3urPmbzJ8OsdvmZvIprDwvwmYCmUbwBL+jlPOE= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -347,8 +362,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -360,47 +375,53 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= +github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= -github.com/prometheus/exporter-toolkit v0.11.0 h1:yNTsuZ0aNCNFQ3aFTD2uhPOvr4iD7fdBvKPAEGkNf+g= -github.com/prometheus/exporter-toolkit v0.11.0/go.mod h1:BVnENhnNecpwoTLiABx7mrPB/OLRIgN74qlQbV+FK1Q= +github.com/prometheus/exporter-toolkit v0.13.1 h1:Evsh0gWQo2bdOHlnz9+0Nm7/OFfIwhE2Ws4A2jIlR04= +github.com/prometheus/exporter-toolkit v0.13.1/go.mod h1:ujdv2YIOxtdFxxqtloLpbqmxd5J0Le6IITUvIRSWjj0= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/prometheus/prometheus v0.53.0 h1:vOnhpUKrDv954jnVBvhG/ZQJ3kqscnKI+Hbdwo2tAhc= -github.com/prometheus/prometheus v0.53.0/go.mod h1:RZDkzs+ShMBDkAPQkLEaLBXpjmDcjhNxU2drUVPgKUU= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/prometheus/prometheus v0.55.0 h1:ITinOi1zr3HemoVWHf679PfRRmpxZOcR4nEvsze6eB0= +github.com/prometheus/prometheus v0.55.0/go.mod h1:GGS7QlWKCqCbcEzWsVahYIfQwiGhcExkarHyLJTsv6I= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/simonpasquier/klog-gokit/v3 v3.4.0 h1:2eD2INbzUHuGNynPP86BCB8H6Lwfp6wlkOcuyTr3VWM= -github.com/simonpasquier/klog-gokit/v3 v3.4.0/go.mod h1:RREVB5Cc6yYHsweRfhUyM1ZP+Odb8ehxLfY8jaiqvjg= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/thanos-io/thanos v0.35.1 h1:j07RPGjAe0Bhe5ceO0mSRetdkCxzCznJXXRdQqGGyao= -github.com/thanos-io/thanos v0.35.1/go.mod h1:WHGZyM/qwp857mJr8Q0d7K6eQoLtLv+6p7RNpT/yeIE= +github.com/thanos-io/thanos v0.0.0-20240702084127-fcc88c028acc h1:Bcc0WmbYgJ3r7jy3zDHJBC0IK7Sn9Yzt+PvbbqT94XM= +github.com/thanos-io/thanos v0.0.0-20240702084127-fcc88c028acc/go.mod h1:f7LiW4+/xvV5+gkseMuVbQnrbFTFnCPv5+X1M6mXkn4= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -414,18 +435,22 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= -go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= +go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= +go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= +go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= -go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -438,8 +463,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -450,8 +475,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -503,16 +528,16 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -523,8 +548,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -563,24 +588,24 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -623,8 +648,8 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= +golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -645,6 +670,8 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU= +google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -680,6 +707,9 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -692,6 +722,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -703,8 +735,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -712,6 +744,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -734,27 +768,29 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw= -k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= -k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= +k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= +k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= +k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4= +k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= +k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= +k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= +k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA= +k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/internal/goruntime/cpu.go b/internal/goruntime/cpu.go index 03ff9bc7b22..02153417be6 100644 --- a/internal/goruntime/cpu.go +++ b/internal/goruntime/cpu.go @@ -16,19 +16,18 @@ package goruntime import ( "fmt" + "log/slog" "strings" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "go.uber.org/automaxprocs/maxprocs" ) -func SetMaxProcs(logger log.Logger) { +func SetMaxProcs(logger *slog.Logger) { l := func(format string, a ...interface{}) { - level.Info(logger).Log("msg", fmt.Sprintf(strings.TrimPrefix(format, "maxprocs: "), a...)) + logger.Info(fmt.Sprintf(strings.TrimPrefix(format, "maxprocs: "), a...)) } if _, err := maxprocs.Set(maxprocs.Logger(l)); err != nil { - level.Warn(logger).Log("msg", "Failed to set GOMAXPROCS automatically", "err", err) + logger.Warn("Failed to set GOMAXPROCS automatically", "err", err) } } diff --git a/internal/goruntime/memory.go b/internal/goruntime/memory.go index 3088addf8d9..d646b1b7635 100644 --- a/internal/goruntime/memory.go +++ b/internal/goruntime/memory.go @@ -15,14 +15,14 @@ package goruntime import ( + "fmt" + "log/slog" "runtime/debug" "github.com/KimMachineGun/automemlimit/memlimit" - "github.com/go-kit/log" - "github.com/go-kit/log/level" ) -func SetMemLimit(logger log.Logger, memlimitRatio float64) { +func SetMemLimit(logger *slog.Logger, memlimitRatio float64) { if memlimitRatio >= 1.0 { memlimitRatio = 1.0 } else if memlimitRatio <= 0.0 { @@ -43,8 +43,8 @@ func SetMemLimit(logger log.Logger, memlimitRatio float64) { ), ), ); err != nil { - level.Warn(logger).Log("component", "automemlimit", "msg", "Failed to set GOMEMLIMIT automatically", "err", err) + logger.Warn("Failed to set GOMEMLIMIT automatically", "component", "automemlimit", "err", err) } - level.Info(logger).Log("GOMEMLIMIT set to %d", debug.SetMemoryLimit(-1)) + logger.Info(fmt.Sprintf("GOMEMLIMIT set to %d", debug.SetMemoryLimit(-1))) } diff --git a/internal/log/log.go b/internal/log/log.go index af349061530..466d11040c0 100644 --- a/internal/log/log.go +++ b/internal/log/log.go @@ -59,7 +59,6 @@ func NewLogger(c Config) (log.Logger, error) { ) // For log levels other than debug, the klog verbosity level is 0. - klogv2.ClampLevel(0) switch strings.ToLower(c.Level) { case LevelAll: lvlOption = loglevel.AllowAll() @@ -93,8 +92,6 @@ func NewLogger(c Config) (log.Logger, error) { logger = log.With(logger, "ts", log.DefaultTimestampUTC) logger = log.With(logger, "caller", log.DefaultCaller) - klogv2.SetLogger(log.With(logger, "component", "k8s_client_runtime")) - return logger, nil } diff --git a/internal/log/slog.go b/internal/log/slog.go new file mode 100644 index 00000000000..221b0afd429 --- /dev/null +++ b/internal/log/slog.go @@ -0,0 +1,108 @@ +// Copyright 2021 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package log + +import ( + "fmt" + "log/slog" + "math" + "os" + "strings" + "time" +) + +// NewLoggerSlog returns a *slog.Logger that prints in the provided format at the +// provided level with a UTC timestamp and the caller of the log entry. +func NewLoggerSlog(c Config) (*slog.Logger, error) { + lvlOption, err := parseLevel(c.Level) + if err != nil { + return nil, err + } + + handler, err := getHandlerFromFormat(c.Format, slog.HandlerOptions{ + Level: lvlOption, + AddSource: true, + ReplaceAttr: replaceSlogAttributes, + }) + if err != nil { + return nil, err + } + + return slog.New(handler), nil +} + +// replaceSlogAttributes replaces fields that were added by default by slog, but had different +// formats or key names in github.com/go-kit/log. The operator was originally implemented with go-kit/log, +// so we use these replacements to make the migration smoother. +func replaceSlogAttributes(_ []string, a slog.Attr) slog.Attr { + if a.Key == "time" { + return slog.Attr{ + Key: "ts", + Value: slog.StringValue(a.Value.Time().UTC().Format(time.RFC3339Nano)), + } + } + + if a.Key == "level" { + return slog.Attr{ + Key: "level", + Value: slog.StringValue(strings.ToLower(a.Value.String())), + } + } + + if a.Key == "source" { + return slog.Attr{ + Key: "caller", + Value: a.Value, + } + } + + return a +} + +// getHandlerFromFormat returns a slog.Handler based on the provided format and slog options. +func getHandlerFromFormat(format string, opts slog.HandlerOptions) (slog.Handler, error) { + var handler slog.Handler + switch strings.ToLower(format) { + case FormatLogFmt: + handler = slog.NewTextHandler(os.Stdout, &opts) + return handler, nil + case FormatJSON: + handler = slog.NewJSONHandler(os.Stdout, &opts) + return handler, nil + default: + return nil, fmt.Errorf("log format %s unknown, %v are possible values", format, AvailableLogFormats) + } +} + +// parseLevel returns the slog.Level based on the provided string. +func parseLevel(lvl string) (slog.Level, error) { + switch strings.ToLower(lvl) { + case LevelAll: + return slog.LevelDebug, nil + case LevelDebug: + return slog.LevelDebug, nil + case LevelInfo: + return slog.LevelInfo, nil + case LevelWarn: + return slog.LevelWarn, nil + case LevelError: + return slog.LevelError, nil + case LevelNone: + // Level with math.MaxInt is used to disable logging. + return math.MaxInt, nil + default: + return math.MaxInt, fmt.Errorf("log log_level %s unknown, %v are possible values", lvl, AvailableLogLevels) + } +} diff --git a/internal/log/slog_test.go b/internal/log/slog_test.go new file mode 100644 index 00000000000..b748ad35ece --- /dev/null +++ b/internal/log/slog_test.go @@ -0,0 +1,157 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package log + +import ( + "bytes" + "encoding/json" + "log/slog" + "math" + "os" + "testing" + + "github.com/stretchr/testify/require" +) + +// TestReplaceAttribute validates if all attributes that were replaced are present in the slog.Logger output. +func TestReplaceAttributes(t *testing.T) { + var buf bytes.Buffer + h := slog.NewJSONHandler(&buf, &slog.HandlerOptions{ + AddSource: true, + Level: slog.LevelDebug, + ReplaceAttr: replaceSlogAttributes, + }) + + l := slog.New(h) + + l.Info("test") + + var m map[string]interface{} + err := json.Unmarshal(buf.Bytes(), &m) + require.NoError(t, err) + + require.Contains(t, m, "level") + require.Contains(t, m, "msg") + require.Contains(t, m, "caller") +} + +func TestParseFmt(t *testing.T) { + handler, err := getHandlerFromFormat(FormatJSON, slog.HandlerOptions{ + Level: slog.LevelDebug, + AddSource: true, + }) + + require.NoError(t, err) + + wantJSONHandler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelDebug, + AddSource: true, + }) + + require.Equal(t, wantJSONHandler, handler) + + handler, err = getHandlerFromFormat(FormatLogFmt, slog.HandlerOptions{ + Level: slog.LevelDebug, + AddSource: true, + }) + + require.NoError(t, err) + + wantTextHandler := slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelDebug, + AddSource: true, + }) + + require.Equal(t, wantTextHandler, handler) +} + +func TestParseLevel(t *testing.T) { + type args struct { + lvl string + } + tests := []struct { + name string + args args + want slog.Level + wantErr bool + }{ + { + name: "all", + args: args{ + lvl: LevelAll, + }, + want: slog.LevelDebug, + wantErr: false, + }, + { + name: "debug", + args: args{ + lvl: LevelDebug, + }, + want: slog.LevelDebug, + wantErr: false, + }, + { + name: "info", + args: args{ + lvl: LevelInfo, + }, + want: slog.LevelInfo, + wantErr: false, + }, + { + name: "warn", + args: args{ + lvl: LevelWarn, + }, + want: slog.LevelWarn, + wantErr: false, + }, + { + name: "error", + args: args{ + lvl: LevelError, + }, + want: slog.LevelError, + wantErr: false, + }, + { + name: "none", + args: args{ + lvl: LevelNone, + }, + want: math.MaxInt, + wantErr: false, + }, + { + name: "unknown", + args: args{ + lvl: "unknown", + }, + want: math.MaxInt, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := parseLevel(tt.args.lvl) + if (err != nil) != tt.wantErr { + t.Errorf("ParseLevel() error = %v, wantErr %v", err, tt.wantErr) + return + } + require.Equal(t, tt.want, got) + }) + } +} diff --git a/internal/util/sort.go b/internal/util/sort.go new file mode 100644 index 00000000000..ba1062e1434 --- /dev/null +++ b/internal/util/sort.go @@ -0,0 +1,30 @@ +// Copyright 2024 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package util + +import ( + "cmp" + "slices" +) + +// SortedKeys returns a slice of the map keys in sorted order. +func SortedKeys[Key cmp.Ordered, Value any](m map[Key]Value) []Key { + keys := make([]Key, 0) + for k := range m { + keys = append(keys, k) + } + slices.Sort(keys) + return keys +} diff --git a/internal/util/sort_test.go b/internal/util/sort_test.go new file mode 100644 index 00000000000..0e5a2e61943 --- /dev/null +++ b/internal/util/sort_test.go @@ -0,0 +1,55 @@ +// Copyright 2024 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package util + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestSortKeysEmptyMap(t *testing.T) { + var emptyMap map[int]string + keys := SortedKeys(emptyMap) + target := []int{} + require.Equal(t, keys, target) +} + +func TestSortKeys(t *testing.T) { + + intKeys := SortedKeys(map[int]interface{}{ + -10: 6, + 0: "", + 5: []byte(""), + -1: -9.56, + }) + require.Equal(t, []int{-10, -1, 0, 5}, intKeys) + + strKeys := SortedKeys(map[string]interface{}{ + "a": 6, + "c": "", + "d": []byte(""), + "b": -9.56, + }) + require.Equal(t, []string{"a", "b", "c", "d"}, strKeys) + + int32Keys := SortedKeys(map[int32]interface{}{ + -10: 6, + 0: "", + 5: []byte(""), + -1: -9.56, + }) + require.Equal(t, []int32{-10, -1, 0, 5}, int32Keys) +} diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json index 4866128623c..7a09a52bd0b 100644 --- a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json +++ b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "alertmanagerconfigs.monitoring.coreos.com" }, @@ -42,7 +42,7 @@ "type": "object" }, "spec": { - "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration.\nBy definition, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the\nAlertmanager configuration.\nBy default, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig\nresource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the\nAlertmanager CRD).", "properties": { "inhibitRules": { "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", @@ -222,6 +222,9 @@ "type": "array" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array" @@ -245,7 +248,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -274,7 +277,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -289,7 +292,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -307,7 +310,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -330,7 +333,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -356,7 +359,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -374,6 +377,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -389,7 +396,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -412,7 +419,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -438,7 +445,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -459,6 +466,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -466,6 +517,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -479,8 +691,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -498,7 +750,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -521,7 +773,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -550,7 +802,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -573,7 +825,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -603,7 +855,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -617,6 +869,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -665,7 +937,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -688,7 +960,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -772,7 +1044,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -795,7 +1067,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -824,7 +1096,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -847,7 +1119,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -877,7 +1149,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -891,6 +1163,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -927,7 +1219,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -942,7 +1234,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -960,7 +1252,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -983,7 +1275,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1009,7 +1301,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1027,6 +1319,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -1042,7 +1338,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1065,7 +1361,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1091,7 +1387,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1112,6 +1408,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -1119,6 +1459,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -1132,8 +1633,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -1151,7 +1692,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1174,7 +1715,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1203,7 +1744,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1226,7 +1767,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1256,7 +1797,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1270,6 +1811,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1305,7 +1866,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1350,7 +1911,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1414,7 +1975,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1429,7 +1990,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -1447,7 +2008,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1470,7 +2031,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1496,7 +2057,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1514,6 +2075,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -1529,7 +2094,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1552,7 +2117,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1578,7 +2143,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1599,35 +2164,280 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyURL": { - "description": "Optional proxy URL.", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1638,7 +2448,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1661,7 +2471,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1690,7 +2500,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1713,7 +2523,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1743,7 +2553,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1757,6 +2567,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1897,7 +2727,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1912,7 +2742,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -1930,7 +2760,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1953,7 +2783,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1979,7 +2809,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1997,6 +2827,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -2012,7 +2846,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2035,7 +2869,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2061,7 +2895,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2082,6 +2916,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -2089,6 +2967,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -2102,8 +3141,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -2121,7 +3200,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2144,7 +3223,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2173,7 +3252,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2196,7 +3275,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2226,7 +3305,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2240,6 +3319,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2299,7 +3398,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2326,7 +3425,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2390,7 +3489,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2405,7 +3504,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -2423,7 +3522,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2446,7 +3545,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2472,7 +3571,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2490,6 +3589,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -2505,7 +3608,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2528,7 +3631,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2554,7 +3657,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2575,18 +3678,223 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" - } + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } }, "required": [ "clientId", @@ -2595,8 +3903,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -2614,7 +3962,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2637,7 +3985,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2666,7 +4014,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2689,7 +4037,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2719,7 +4067,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2733,6 +4081,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2777,7 +4145,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2817,7 +4185,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2910,7 +4278,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2980,7 +4348,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2995,7 +4363,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -3013,7 +4381,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3036,7 +4404,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3062,7 +4430,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3080,6 +4448,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -3095,7 +4467,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3118,7 +4490,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3144,7 +4516,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3165,6 +4537,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -3172,6 +4588,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -3185,8 +4762,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -3204,7 +4821,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3227,7 +4844,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3256,7 +4873,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3279,7 +4896,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3309,7 +4926,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3323,6 +4940,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -3412,7 +5049,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3427,7 +5064,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -3445,7 +5082,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3468,7 +5105,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3494,7 +5131,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3512,6 +5149,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -3527,7 +5168,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3550,7 +5191,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3576,7 +5217,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3597,35 +5238,280 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyURL": { - "description": "Optional proxy URL.", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3636,7 +5522,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3659,7 +5545,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3688,7 +5574,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3711,7 +5597,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3741,7 +5627,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3755,6 +5641,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -3789,7 +5695,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3824,7 +5730,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3868,7 +5774,7 @@ "type": "string" }, "botToken": { - "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\n\nEither `botToken` or `botTokenFile` is required.", + "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -3876,7 +5782,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3891,7 +5797,7 @@ "x-kubernetes-map-type": "atomic" }, "botTokenFile": { - "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\n\nIt requires Alertmanager >= v0.26.0.", + "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", "type": "string" }, "chatID": { @@ -3918,7 +5824,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3933,7 +5839,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -3951,7 +5857,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3974,7 +5880,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4000,7 +5906,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4018,6 +5924,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -4033,7 +5943,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4056,7 +5966,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4082,7 +5992,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4103,6 +6013,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -4110,6 +6064,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -4123,8 +6238,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -4142,7 +6297,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4165,7 +6320,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4194,7 +6349,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4217,7 +6372,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4247,7 +6402,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4261,6 +6416,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4289,6 +6464,9 @@ "type": "boolean" } }, + "required": [ + "chatID" + ], "type": "object" }, "type": "array" @@ -4307,7 +6485,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4367,7 +6545,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4382,7 +6560,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -4400,7 +6578,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4423,7 +6601,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4449,7 +6627,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4467,6 +6645,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -4482,7 +6664,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4505,7 +6687,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4531,7 +6713,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4552,6 +6734,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -4559,6 +6785,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -4572,8 +6959,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -4591,7 +7018,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4614,7 +7041,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4643,7 +7070,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4666,7 +7093,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4696,7 +7123,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4710,6 +7137,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4770,7 +7217,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4785,7 +7232,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -4803,7 +7250,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4826,7 +7273,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4852,7 +7299,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4870,6 +7317,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -4885,7 +7336,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4908,7 +7359,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4934,7 +7385,264 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4948,35 +7656,23 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } + "type": "array" }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -4994,7 +7690,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5017,7 +7713,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5046,7 +7742,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5069,7 +7765,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5099,7 +7795,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5113,6 +7809,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5164,7 +7880,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5179,7 +7895,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -5197,7 +7913,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5220,7 +7936,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5246,7 +7962,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5264,6 +7980,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -5279,7 +7999,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5302,7 +8022,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5328,7 +8048,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5349,6 +8069,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -5356,6 +8120,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -5369,8 +8294,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -5388,7 +8353,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5411,7 +8376,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5440,7 +8405,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5463,7 +8428,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5493,7 +8458,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5507,6 +8472,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5540,7 +8525,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5576,7 +8561,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5613,7 +8598,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5628,7 +8613,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -5646,7 +8631,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5669,7 +8654,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5695,7 +8680,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5713,6 +8698,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -5728,7 +8717,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5751,7 +8740,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5777,7 +8766,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5798,6 +8787,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -5805,6 +8838,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -5818,8 +9012,48 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -5837,7 +9071,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5860,7 +9094,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5889,7 +9123,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5912,7 +9146,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5942,7 +9176,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5956,6 +9190,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet index f3cb87e1a9b..b1cd3c96e0b 100644 --- a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet +++ b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet @@ -4,7 +4,7 @@ name: 'v1beta1', schema: { openAPIV3Schema: { - description: 'AlertmanagerConfig configures the Prometheus Alertmanager,\nspecifying how alerts should be grouped, inhibited and notified to external systems.', + description: 'The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.\n\n`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors.', properties: { apiVersion: { description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources', @@ -120,7 +120,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -149,7 +149,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -164,7 +164,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -182,7 +182,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -205,7 +205,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -246,6 +246,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -261,7 +265,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -284,7 +288,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -310,7 +314,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -331,6 +335,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -338,6 +386,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -351,8 +560,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -370,7 +619,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -393,7 +642,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -422,7 +671,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -445,7 +694,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -475,7 +724,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -489,6 +738,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -512,6 +781,9 @@ type: 'string', }, }, + required: [ + 'apiURL', + ], type: 'object', }, type: 'array', @@ -635,7 +907,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -658,7 +930,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -687,7 +959,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -710,7 +982,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -740,7 +1012,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -754,6 +1026,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -790,7 +1082,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -805,7 +1097,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -823,7 +1115,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -846,7 +1138,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -887,6 +1179,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -902,7 +1198,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -925,7 +1221,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -951,7 +1247,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -972,6 +1268,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -979,6 +1319,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -992,8 +1493,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -1011,7 +1552,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1034,7 +1575,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1063,7 +1604,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1086,7 +1627,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1116,7 +1657,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1130,6 +1671,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -1165,7 +1726,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1271,7 +1832,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1286,7 +1847,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -1304,7 +1865,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1327,7 +1888,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1368,6 +1929,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -1383,7 +1948,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1406,7 +1971,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1432,7 +1997,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1453,33 +2018,278 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, - scopes: { - description: '`scopes` defines the OAuth2 scopes used for the token request.', - items: { - type: 'string', - }, - type: 'array', - }, - tokenUrl: { - description: '`tokenURL` configures the URL to fetch the token from.', - minLength: 1, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', type: 'string', }, - }, - required: [ - 'clientId', - 'clientSecret', - 'tokenUrl', - ], - type: 'object', - }, - proxyURL: { - description: 'Optional proxy URL.', - type: 'string', - }, - tlsConfig: { - description: 'TLS configuration for the client.', - properties: { + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, + scopes: { + description: '`scopes` defines the OAuth2 scopes used for the token request.', + items: { + type: 'string', + }, + type: 'array', + }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, + tokenUrl: { + description: '`tokenURL` configures the URL to fetch the token from.', + minLength: 1, + type: 'string', + }, + }, + required: [ + 'clientId', + 'clientSecret', + 'tokenUrl', + ], + type: 'object', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyURL: { + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, + tlsConfig: { + description: 'TLS configuration for the client.', + properties: { ca: { description: 'Certificate authority used when verifying server certificates.', properties: { @@ -1492,7 +2302,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1515,7 +2325,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1544,7 +2354,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1567,7 +2377,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1597,7 +2407,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1611,6 +2421,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -1754,7 +2584,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1769,7 +2599,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -1787,7 +2617,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1810,7 +2640,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1851,6 +2681,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -1866,7 +2700,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1889,7 +2723,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1915,7 +2749,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1936,6 +2770,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -1943,6 +2821,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -1956,8 +2995,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -1975,7 +3054,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -1998,7 +3077,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2027,7 +3106,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2050,7 +3129,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2080,7 +3159,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2094,6 +3173,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -2238,7 +3337,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2253,7 +3352,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -2271,7 +3370,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2294,7 +3393,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2335,6 +3434,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -2350,7 +3453,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2373,7 +3476,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2399,7 +3502,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2420,16 +3523,221 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, - scopes: { - description: '`scopes` defines the OAuth2 scopes used for the token request.', - items: { - type: 'string', - }, - type: 'array', - }, - tokenUrl: { - description: '`tokenURL` configures the URL to fetch the token from.', - minLength: 1, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, + scopes: { + description: '`scopes` defines the OAuth2 scopes used for the token request.', + items: { + type: 'string', + }, + type: 'array', + }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, + tokenUrl: { + description: '`tokenURL` configures the URL to fetch the token from.', + minLength: 1, type: 'string', }, }, @@ -2440,8 +3748,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -2459,7 +3807,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2482,7 +3830,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2511,7 +3859,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2534,7 +3882,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2564,7 +3912,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2578,6 +3926,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -2816,7 +4184,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2831,7 +4199,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -2849,7 +4217,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2872,7 +4240,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2913,6 +4281,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -2928,7 +4300,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2951,7 +4323,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2977,7 +4349,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -2998,6 +4370,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -3005,6 +4421,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -3018,8 +4595,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -3037,7 +4654,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3060,7 +4677,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3089,7 +4706,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3112,7 +4729,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3142,7 +4759,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3156,6 +4773,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -3245,7 +4882,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3260,7 +4897,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -3278,7 +4915,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3301,7 +4938,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3342,6 +4979,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -3357,7 +4998,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3380,7 +5021,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3406,7 +5047,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3427,33 +5068,278 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, - scopes: { - description: '`scopes` defines the OAuth2 scopes used for the token request.', - items: { - type: 'string', - }, - type: 'array', - }, - tokenUrl: { - description: '`tokenURL` configures the URL to fetch the token from.', - minLength: 1, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', type: 'string', }, - }, - required: [ - 'clientId', - 'clientSecret', - 'tokenUrl', - ], - type: 'object', - }, - proxyURL: { - description: 'Optional proxy URL.', - type: 'string', - }, - tlsConfig: { - description: 'TLS configuration for the client.', - properties: { + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, + scopes: { + description: '`scopes` defines the OAuth2 scopes used for the token request.', + items: { + type: 'string', + }, + type: 'array', + }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, + tokenUrl: { + description: '`tokenURL` configures the URL to fetch the token from.', + minLength: 1, + type: 'string', + }, + }, + required: [ + 'clientId', + 'clientSecret', + 'tokenUrl', + ], + type: 'object', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyURL: { + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, + tlsConfig: { + description: 'TLS configuration for the client.', + properties: { ca: { description: 'Certificate authority used when verifying server certificates.', properties: { @@ -3466,7 +5352,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3489,7 +5375,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3518,7 +5404,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3541,7 +5427,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3571,7 +5457,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3585,6 +5471,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -3619,7 +5525,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3654,7 +5560,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3698,7 +5604,7 @@ type: 'string', }, botToken: { - description: 'Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\n\nEither `botToken` or `botTokenFile` is required.', + description: 'Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.', properties: { key: { description: 'The key of the secret to select from. Must be a valid secret key.', @@ -3718,7 +5624,7 @@ type: 'object', }, botTokenFile: { - description: 'File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\n\nIt requires Alertmanager >= v0.26.0.', + description: 'File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.', type: 'string', }, chatID: { @@ -3745,7 +5651,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3760,7 +5666,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -3778,7 +5684,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3801,7 +5707,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3842,6 +5748,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -3857,7 +5767,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3880,7 +5790,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3906,7 +5816,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3927,6 +5837,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -3934,6 +5888,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -3947,8 +6062,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -3966,7 +6121,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -3989,7 +6144,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4018,7 +6173,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4041,7 +6196,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4071,7 +6226,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4085,6 +6240,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -4113,6 +6288,9 @@ type: 'boolean', }, }, + required: [ + 'chatID', + ], type: 'object', }, type: 'array', @@ -4188,7 +6366,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4203,7 +6381,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -4221,7 +6399,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4244,7 +6422,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4285,6 +6463,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -4300,7 +6482,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4323,7 +6505,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4349,7 +6531,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4370,6 +6552,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -4377,6 +6603,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -4390,8 +6777,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -4409,7 +6836,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4432,7 +6859,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4461,7 +6888,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4484,7 +6911,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4514,7 +6941,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4528,6 +6955,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -4588,7 +7035,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4603,7 +7050,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -4621,7 +7068,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4644,7 +7091,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4685,6 +7132,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -4700,7 +7151,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4723,7 +7174,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4749,7 +7200,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4770,28 +7221,273 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { type: 'string', }, - type: 'array', - }, - tokenUrl: { - description: '`tokenURL` configures the URL to fetch the token from.', - minLength: 1, - type: 'string', + type: 'array', + }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, + tokenUrl: { + description: '`tokenURL` configures the URL to fetch the token from.', + minLength: 1, + type: 'string', + }, + }, + required: [ + 'clientId', + 'clientSecret', + 'tokenUrl', + ], + type: 'object', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', }, + type: 'array', }, - required: [ - 'clientId', - 'clientSecret', - 'tokenUrl', - ], + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -4809,7 +7505,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4832,7 +7528,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4861,7 +7557,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4884,7 +7580,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4914,7 +7610,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4928,6 +7624,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -4979,7 +7695,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -4994,7 +7710,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -5012,7 +7728,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5035,7 +7751,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5076,6 +7792,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -5091,7 +7811,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5114,7 +7834,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5140,7 +7860,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5161,6 +7881,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -5168,6 +7932,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -5181,8 +8106,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -5200,7 +8165,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5223,7 +8188,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5252,7 +8217,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5275,7 +8240,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5305,7 +8270,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5319,6 +8284,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -5419,7 +8404,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5434,7 +8419,7 @@ 'x-kubernetes-map-type': 'atomic', }, type: { - description: 'Defines the authentication type. The value is case-insensitive.\n\n\n"Basic" is not a supported value.\n\n\nDefault: "Bearer"', + description: 'Defines the authentication type. The value is case-insensitive.\n\n"Basic" is not a supported value.\n\nDefault: "Bearer"', type: 'string', }, }, @@ -5452,7 +8437,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5475,7 +8460,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5516,6 +8501,10 @@ description: 'FollowRedirects specifies whether the client should follow HTTP 3xx redirects.', type: 'boolean', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, oauth2: { description: 'OAuth2 client credentials used to fetch a token for the targets.', properties: { @@ -5531,7 +8520,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5554,7 +8543,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5580,7 +8569,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5601,6 +8590,50 @@ description: '`endpointParams` configures the HTTP parameters to append to the token\nURL.', type: 'object', }, + noProxy: { + description: '`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'string', + }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', + type: 'string', + }, scopes: { description: '`scopes` defines the OAuth2 scopes used for the token request.', items: { @@ -5608,6 +8641,167 @@ }, type: 'array', }, + tlsConfig: { + description: 'TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.', + properties: { + ca: { + description: 'Certificate authority used when verifying server certificates.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + cert: { + description: 'Client certificate to present when doing client-authentication.', + properties: { + configMap: { + description: 'ConfigMap containing data to use for the targets.', + properties: { + key: { + description: 'The key to select.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the ConfigMap or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + secret: { + description: 'Secret containing data to use for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + }, + type: 'object', + }, + insecureSkipVerify: { + description: 'Disable target certificate validation.', + type: 'boolean', + }, + keySecret: { + description: 'Secret containing the client key file for the targets.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + serverName: { + description: 'Used to verify the hostname for the targets.', + type: 'string', + }, + }, + type: 'object', + }, tokenUrl: { description: '`tokenURL` configures the URL to fetch the token from.', minLength: 1, @@ -5621,8 +8815,48 @@ ], type: 'object', }, + proxyConnectHeader: { + additionalProperties: { + items: { + description: 'SecretKeySelector selects a key of a Secret.', + properties: { + key: { + description: 'The key of the secret to select from. Must be a valid secret key.', + type: 'string', + }, + name: { + default: '', + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', + type: 'string', + }, + optional: { + description: 'Specify whether the Secret or its key must be defined', + type: 'boolean', + }, + }, + required: [ + 'key', + ], + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + type: 'array', + }, + description: 'ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'object', + 'x-kubernetes-map-type': 'atomic', + }, + proxyFromEnvironment: { + description: 'Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.', + type: 'boolean', + }, proxyURL: { - description: 'Optional proxy URL.', + description: 'Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.', + type: 'string', + }, + proxyUrl: { + description: '`proxyURL` defines the HTTP proxy server to use.', + pattern: '^http(s)?://.+$', type: 'string', }, tlsConfig: { @@ -5640,7 +8874,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5663,7 +8897,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5692,7 +8926,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5715,7 +8949,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5745,7 +8979,7 @@ }, name: { default: '', - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + description: 'Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names', type: 'string', }, optional: { @@ -5759,6 +8993,26 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + maxVersion: { + description: 'Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, + minVersion: { + description: 'Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.', + enum: [ + 'TLS10', + 'TLS11', + 'TLS12', + 'TLS13', + ], + type: 'string', + }, serverName: { description: 'Used to verify the hostname for the targets.', type: 'string', @@ -5977,6 +9231,9 @@ type: 'array', }, }, + required: [ + 'name', + ], type: 'object', }, type: 'array', diff --git a/jsonnet/prometheus-operator/alertmanagers-crd.json b/jsonnet/prometheus-operator/alertmanagers-crd.json index 5b71164ebfa..a5a457b1184 100644 --- a/jsonnet/prometheus-operator/alertmanagers-crd.json +++ b/jsonnet/prometheus-operator/alertmanagers-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "alertmanagers.monitoring.coreos.com" }, @@ -70,7 +70,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "Alertmanager describes an Alertmanager cluster.", + "description": "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -332,7 +332,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -340,7 +340,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -476,7 +476,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -484,7 +484,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -617,7 +617,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -625,7 +625,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -761,7 +761,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -769,7 +769,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -849,11 +849,11 @@ "type": "object" }, "alertmanagerConfigMatcherStrategy": { - "description": "The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts.\nIn the future more options may be added.", + "description": "AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects\nprocess incoming alerts.", "properties": { "type": { "default": "OnNamespace", - "description": "If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules.\n`None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig.\nDefault is `OnNamespace`.", + "description": "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\nThe default value is `OnNamespace`.", "enum": [ "OnNamespace", "None" @@ -954,7 +954,7 @@ "x-kubernetes-map-type": "atomic" }, "alertmanagerConfiguration": { - "description": "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\n\nIf defined, it takes precedence over the `configSecret` field.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\nIf defined, it takes precedence over the `configSecret` field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "global": { "description": "Defines the global parameters of the Alertmanager configuration.", @@ -974,7 +974,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -989,7 +989,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -1007,7 +1007,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1030,7 +1030,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1056,7 +1056,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1074,6 +1074,10 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { @@ -1089,7 +1093,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1112,7 +1116,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1138,7 +1142,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1159,6 +1163,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -1166,6 +1214,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -1179,8 +1388,44 @@ ], "type": "object" }, - "proxyURL": { - "description": "Optional proxy URL.", + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "tlsConfig": { @@ -1198,7 +1443,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1221,7 +1466,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1250,7 +1495,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1273,7 +1518,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1303,7 +1548,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1317,6 +1562,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1336,7 +1601,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1359,7 +1624,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1391,7 +1656,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1421,7 +1686,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1444,7 +1709,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1519,7 +1784,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1542,7 +1807,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1603,7 +1868,7 @@ "type": "array" }, "configSecret": { - "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications).", + "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications).", "type": "string" }, "containers": { @@ -1652,7 +1917,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1724,7 +1989,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1763,7 +2028,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1783,7 +2048,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2075,7 +2340,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2269,7 +2535,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2414,13 +2681,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -2526,7 +2797,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -2577,7 +2848,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -2642,7 +2913,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2828,7 +3100,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -2864,8 +3136,68 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableFeatures": { - "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nIt requires Alertmanager >= 0.27.0.", + "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0.", "items": { "type": "string" }, @@ -2929,7 +3261,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -2984,7 +3316,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3056,7 +3388,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3095,7 +3427,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3115,7 +3447,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3407,7 +3739,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3601,7 +3934,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3746,13 +4080,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -3858,7 +4196,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -3909,7 +4247,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3974,7 +4312,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -4160,7 +4499,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -4237,7 +4576,7 @@ "type": "boolean" }, "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".", + "description": "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".", "properties": { "annotations": { "additionalProperties": { @@ -4278,13 +4617,17 @@ "description": "Define resources requests and limits for single Pods.", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -4371,7 +4714,7 @@ "type": "object" }, "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, @@ -4423,7 +4766,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -4433,7 +4776,7 @@ "type": "object" }, "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "format": "int64", "type": "integer" @@ -4441,6 +4784,10 @@ "type": "array", "x-kubernetes-list-type": "atomic" }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, "sysctls": { "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { @@ -4531,7 +4878,7 @@ "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -4685,7 +5032,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -4891,7 +5238,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -4921,7 +5268,7 @@ "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", "type": "string" }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "x-kubernetes-map-type": "granular" }, @@ -4938,7 +5285,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, "capacity": { @@ -4984,7 +5331,7 @@ "type": "string" }, "type": { - "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", + "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", "type": "string" } }, @@ -5001,11 +5348,11 @@ "x-kubernetes-list-type": "map" }, "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { "status": { "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", @@ -5120,7 +5467,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "items": { "type": "string" }, @@ -5133,16 +5480,16 @@ "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", "format": "int32", "type": "integer" }, "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { @@ -5189,7 +5536,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -5218,7 +5565,7 @@ "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { @@ -5256,6 +5603,7 @@ "type": "string" }, "fsType": { + "default": "ext4", "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, @@ -5264,6 +5612,7 @@ "type": "string" }, "readOnly": { + "default": false, "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } @@ -5324,7 +5673,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5357,7 +5706,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5412,7 +5761,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5439,7 +5788,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5570,10 +5919,10 @@ "type": "object" }, "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -5727,7 +6076,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -5754,7 +6103,7 @@ "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { @@ -5812,7 +6161,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5843,7 +6192,7 @@ "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { @@ -5909,7 +6258,7 @@ "type": "object" }, "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", @@ -5925,6 +6274,20 @@ ], "type": "object" }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, "iscsi": { "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { @@ -5937,7 +6300,7 @@ "type": "boolean" }, "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { @@ -5949,6 +6312,7 @@ "type": "string" }, "iscsiInterface": { + "default": "default", "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, @@ -5974,7 +6338,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6083,12 +6447,12 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "properties": { "labelSelector": { "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", @@ -6190,7 +6554,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6312,7 +6676,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6392,7 +6756,7 @@ "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { @@ -6400,6 +6764,7 @@ "type": "string" }, "keyring": { + "default": "/etc/ceph/keyring", "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -6412,6 +6777,7 @@ "x-kubernetes-list-type": "atomic" }, "pool": { + "default": "rbd", "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -6424,7 +6790,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6432,6 +6798,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "default": "admin", "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } @@ -6446,6 +6813,7 @@ "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "properties": { "fsType": { + "default": "xfs", "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, @@ -6466,7 +6834,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6478,6 +6846,7 @@ "type": "boolean" }, "storageMode": { + "default": "ThinProvisioned", "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, @@ -6564,7 +6933,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6688,7 +7057,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6711,7 +7080,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6728,6 +7097,10 @@ }, "type": "object" }, + "certFile": { + "description": "Path to the TLS certificate file in the Prometheus container for the server.\nMutually exclusive with `cert`.", + "type": "string" + }, "cipherSuites": { "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty,\nGo default cipher suites are used. Available cipher suites are documented\nin the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", "items": { @@ -6739,6 +7112,10 @@ "description": "Server policy for client authentication. Maps to ClientAuth Policies.\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", "type": "string" }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to the server.\nMutually exclusive with `client_ca`.", + "type": "string" + }, "client_ca": { "description": "Contains the CA certificate for client certificate authentication to the server.", "properties": { @@ -6751,7 +7128,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6774,7 +7151,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6798,6 +7175,10 @@ }, "type": "array" }, + "keyFile": { + "description": "Path to the TLS key file in the Prometheus container for the server.\nMutually exclusive with `keySecret`.", + "type": "string" + }, "keySecret": { "description": "Secret containing the TLS key for the server.", "properties": { @@ -6807,7 +7188,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6834,10 +7215,6 @@ "type": "boolean" } }, - "required": [ - "cert", - "keySecret" - ], "type": "object" } }, @@ -6908,6 +7285,10 @@ "format": "int32", "type": "integer" }, + "selector": { + "description": "The selector used to match the pods targeted by this Alertmanager object.", + "type": "string" + }, "unavailableReplicas": { "description": "Total number of unavailable pods targeted by this Alertmanager object.", "format": "int32", @@ -6938,6 +7319,11 @@ "served": true, "storage": true, "subresources": { + "scale": { + "labelSelectorPath": ".status.selector", + "specReplicasPath": ".spec.replicas", + "statusReplicasPath": ".status.replicas" + }, "status": {} } } diff --git a/jsonnet/prometheus-operator/podmonitors-crd.json b/jsonnet/prometheus-operator/podmonitors-crd.json index 6cbe9bc3b97..bc7d7fdb625 100644 --- a/jsonnet/prometheus-operator/podmonitors-crd.json +++ b/jsonnet/prometheus-operator/podmonitors-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "podmonitors.monitoring.coreos.com" }, @@ -28,7 +28,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "PodMonitor defines monitoring for a set of pods.", + "description": "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -45,46 +45,46 @@ "description": "Specification of desired Pod selection for target discovery by Prometheus.", "properties": { "attachMetadata": { - "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\n\nIt requires Prometheus >= v2.37.0.", + "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.35.0.", "properties": { "node": { - "description": "When set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.", + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", "type": "boolean" } }, "type": "object" }, "bodySizeLimit": { - "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\n\nIt requires Prometheus >= v2.28.0.", + "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, "jobLabel": { - "description": "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`).", + "description": "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`).", "type": "string" }, "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.", + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", "format": "int64", "type": "integer" }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "namespaceSelector": { - "description": "Selector to select which namespaces the Kubernetes `Pods` objects\nare discovered from.", + "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.\nBy default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.", "properties": { "any": { "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", @@ -100,13 +100,31 @@ }, "type": "object" }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, "podMetricsEndpoints": { - "description": "List of endpoints part of this PodMonitor.", + "description": "Defines how to scrape metrics from the selected pods.", "items": { "description": "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", "properties": { "authorization": { - "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -117,7 +135,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -132,14 +150,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -150,7 +168,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -173,7 +191,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -191,7 +209,7 @@ "type": "object" }, "bearerTokenSecret": { - "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead.", + "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -199,7 +217,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -218,7 +236,7 @@ "type": "boolean" }, "filterRunning": { - "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", "type": "boolean" }, "followRedirects": { @@ -234,18 +252,18 @@ "type": "boolean" }, "interval": { - "description": "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval.", + "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "metricRelabelings": { "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -273,7 +291,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -282,7 +300,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -299,7 +317,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -308,7 +326,7 @@ "type": "array" }, "oauth2": { - "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -322,7 +340,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -345,7 +363,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -371,7 +389,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -392,6 +410,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -399,6 +461,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -423,11 +646,11 @@ "type": "object" }, "path": { - "description": "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", + "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", "type": "string" }, "port": { - "description": "Name of the Pod port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`.", + "description": "Name of the Pod port which this endpoint refers to.\n\nIt takes precedence over `targetPort`.", "type": "string" }, "proxyUrl": { @@ -435,13 +658,13 @@ "type": "string" }, "relabelings": { - "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -469,7 +692,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -478,7 +701,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -495,7 +718,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -504,7 +727,7 @@ "type": "array" }, "scheme": { - "description": "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`.", + "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", "enum": [ "http", "https" @@ -512,7 +735,7 @@ "type": "string" }, "scrapeTimeout": { - "description": "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.", + "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -525,7 +748,7 @@ "type": "string" } ], - "description": "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\n\nDeprecated: use 'port' instead.", + "description": "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' instead.", "x-kubernetes-int-or-string": true }, "tlsConfig": { @@ -543,7 +766,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -566,7 +789,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -595,7 +818,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -618,7 +841,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -648,7 +871,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -662,6 +885,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -670,7 +913,7 @@ "type": "object" }, "trackTimestampsStaleness": { - "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0.", + "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", "type": "boolean" } }, @@ -695,8 +938,12 @@ "minLength": 1, "type": "string" }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -711,7 +958,7 @@ "x-kubernetes-list-type": "set" }, "selector": { - "description": "Label selector to select the Kubernetes `Pod` objects.", + "description": "Label selector to select the Kubernetes `Pod` objects to scrape metrics from.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", diff --git a/jsonnet/prometheus-operator/probes-crd.json b/jsonnet/prometheus-operator/probes-crd.json index f15c5aef3e1..0133f83d2b1 100644 --- a/jsonnet/prometheus-operator/probes-crd.json +++ b/jsonnet/prometheus-operator/probes-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "probes.monitoring.coreos.com" }, @@ -28,7 +28,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "Probe defines monitoring for a set of static targets or ingresses.", + "description": "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -56,7 +56,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -71,7 +71,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -89,7 +89,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -112,7 +112,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -138,7 +138,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -162,7 +162,7 @@ "type": "string" }, "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.", + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", "format": "int64", "type": "integer" }, @@ -184,11 +184,11 @@ "metricRelabelings": { "description": "MetricRelabelConfigs to apply to samples before ingestion.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -216,7 +216,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -225,7 +225,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -242,7 +242,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -254,6 +254,24 @@ "description": "The module to use for probing specifying how to probe the target.\nExample module configuring in the blackbox exporter:\nhttps://github.com/prometheus/blackbox_exporter/blob/master/example.yml", "type": "string" }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, "oauth2": { "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", "properties": { @@ -269,7 +287,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -292,7 +310,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -318,7 +336,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -339,6 +357,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -346,6 +408,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -399,8 +622,12 @@ "minLength": 1, "type": "string" }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -450,11 +677,11 @@ "relabelingConfigs": { "description": "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -482,7 +709,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -491,7 +718,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -508,7 +735,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -577,11 +804,11 @@ "relabelingConfigs": { "description": "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -609,7 +836,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -618,7 +845,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -635,7 +862,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -671,7 +898,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -694,7 +921,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -723,7 +950,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -746,7 +973,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -776,7 +1003,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -790,6 +1017,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" diff --git a/jsonnet/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/prometheus-operator/prometheus-operator.libsonnet index d342d9c11fc..c2b363325ce 100644 --- a/jsonnet/prometheus-operator/prometheus-operator.libsonnet +++ b/jsonnet/prometheus-operator/prometheus-operator.libsonnet @@ -27,6 +27,9 @@ local defaults = { if !std.setMember(labelName, ['app.kubernetes.io/version']) }, enableAlertmanagerConfigV1beta1: false, + kubeletService: 'kube-system/kubelet', + kubeletEndpointsEnabled: true, + kubeletEndpointSliceEnabled: false, }; function(params) { @@ -75,80 +78,106 @@ function(params) { labels: po.config.commonLabels, }, rules: [ - { - apiGroups: ['monitoring.coreos.com'], - resources: [ - 'alertmanagers', - 'alertmanagers/finalizers', - 'alertmanagers/status', - 'alertmanagerconfigs', - 'prometheuses', - 'prometheuses/finalizers', - 'prometheuses/status', - 'prometheusagents', - 'prometheusagents/finalizers', - 'prometheusagents/status', - 'thanosrulers', - 'thanosrulers/finalizers', - 'thanosrulers/status', - 'scrapeconfigs', - 'servicemonitors', - 'podmonitors', - 'probes', - 'prometheusrules', - ], - verbs: ['*'], - }, - { - apiGroups: ['apps'], - resources: ['statefulsets'], - verbs: ['*'], - }, - { - apiGroups: [''], - resources: ['configmaps', 'secrets'], - verbs: ['*'], - }, - { - apiGroups: [''], - resources: ['pods'], - verbs: ['list', 'delete'], - }, - { - apiGroups: [''], - resources: [ - 'services', - 'services/finalizers', - 'endpoints', - ], - verbs: ['get', 'create', 'update', 'delete'], - }, - { - apiGroups: [''], - resources: ['nodes'], - verbs: ['list', 'watch'], - }, - { - apiGroups: [''], - resources: ['namespaces'], - verbs: ['get', 'list', 'watch'], - }, - { - apiGroups: [''], - resources: ['events'], - verbs: ['patch', 'create'], - }, - { - apiGroups: ['networking.k8s.io'], - resources: ['ingresses'], - verbs: ['get', 'list', 'watch'], - }, - { - apiGroups: ['storage.k8s.io'], - resources: ['storageclasses'], - verbs: ['get'], - }, - ], + { + apiGroups: ['monitoring.coreos.com'], + resources: [ + 'alertmanagers', + 'alertmanagers/finalizers', + 'alertmanagers/status', + 'alertmanagerconfigs', + 'prometheuses', + 'prometheuses/finalizers', + 'prometheuses/status', + 'prometheusagents', + 'prometheusagents/finalizers', + 'prometheusagents/status', + 'thanosrulers', + 'thanosrulers/finalizers', + 'thanosrulers/status', + 'scrapeconfigs', + 'servicemonitors', + 'podmonitors', + 'probes', + 'prometheusrules', + ], + verbs: ['*'], + }, + { + apiGroups: ['apps'], + resources: ['statefulsets'], + verbs: ['*'], + }, + { + apiGroups: [''], + resources: ['configmaps', 'secrets'], + verbs: ['*'], + }, + { + apiGroups: [''], + resources: ['pods'], + verbs: ['list', 'delete'], + }, + { + apiGroups: [''], + resources: [ + 'services', + 'services/finalizers', + ], + verbs: ['get', 'create', 'update', 'delete'], + }, + { + apiGroups: [''], + resources: ['nodes'], + verbs: ['list', 'watch'], + }, + { + apiGroups: [''], + resources: ['namespaces'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: [''], + resources: ['events'], + verbs: ['patch', 'create'], + }, + { + apiGroups: ['networking.k8s.io'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['storage.k8s.io'], + resources: ['storageclasses'], + verbs: ['get'], + }, + ] + ( + if po.config.kubeletEndpointsEnabled then + [ + { + apiGroups: [''], + resources: [ + 'endpoints', + ], + verbs: ['get', 'create', 'update', 'delete'], + }, + ] + else + [] + ) + + ( + if po.config.kubeletEndpointSliceEnabled then + [ + { + apiGroups: ['discovery.k8s.io'], + resources: [ + 'endpointslices', + ], + verbs: ['get', 'create', 'list', 'update', 'delete'], + }, + ] + else + [] + ), }, deployment: @@ -161,9 +190,11 @@ function(params) { name: po.config.name, image: po.config.image, args: [ - '--kubelet-service=kube-system/kubelet', + '--kubelet-service=' + po.config.kubeletService, '--prometheus-config-reloader=' + po.config.configReloaderImage, ] + + [std.format('--kubelet-endpoints=%s', po.config.kubeletEndpointsEnabled)] + + [std.format('--kubelet-endpointslice=%s', po.config.kubeletEndpointSliceEnabled)] + reloaderResourceArg('--config-reloader-cpu-limit', po.config.configReloaderResources.limits.cpu) + reloaderResourceArg('--config-reloader-memory-limit', po.config.configReloaderResources.limits.memory) + reloaderResourceArg('--config-reloader-cpu-request', po.config.configReloaderResources.requests.cpu) + diff --git a/jsonnet/prometheus-operator/prometheusagents-crd.json b/jsonnet/prometheus-operator/prometheusagents-crd.json index 40705594409..e8261e3474f 100644 --- a/jsonnet/prometheus-operator/prometheusagents-crd.json +++ b/jsonnet/prometheus-operator/prometheusagents-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "prometheusagents.monitoring.coreos.com" }, @@ -70,7 +70,7 @@ "name": "v1alpha1", "schema": { "openAPIV3Schema": { - "description": "PrometheusAgent defines a Prometheus agent deployment.", + "description": "The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster.\n\nThe CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -87,7 +87,7 @@ "description": "Specification of the desired behavior of the Prometheus agent. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", + "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", "items": { "description": "Argument as part of the AdditionalArgs list.", "properties": { @@ -117,7 +117,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -370,7 +370,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -378,7 +378,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -514,7 +514,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -522,7 +522,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -655,7 +655,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -663,7 +663,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -799,7 +799,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -807,7 +807,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -890,7 +890,7 @@ "description": "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", "properties": { "authorization": { - "description": "Authorization section for the API server.\n\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", + "description": "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -901,7 +901,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -920,14 +920,14 @@ "type": "string" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for the API server.\n\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", + "description": "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -938,7 +938,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -961,7 +961,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -979,11 +979,11 @@ "type": "object" }, "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File to read bearer token for accessing apiserver.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "host": { @@ -1005,7 +1005,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1028,7 +1028,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1061,7 +1061,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1084,7 +1084,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1122,7 +1122,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1136,6 +1136,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1159,11 +1179,11 @@ "type": "object" }, "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", "type": "boolean" }, "bodySizeLimit": { - "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", + "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, @@ -1175,7 +1195,7 @@ "type": "array" }, "containers": { - "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", + "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { @@ -1220,7 +1240,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1292,7 +1312,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1331,7 +1351,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1351,7 +1371,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1643,7 +1663,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1837,7 +1858,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1982,13 +2004,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -2094,7 +2120,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -2145,7 +2171,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -2210,7 +2236,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2396,7 +2423,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -2432,8 +2459,68 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableFeatures": { - "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", + "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", "items": { "minLength": 1, "type": "string" @@ -2442,50 +2529,50 @@ "x-kubernetes-list-type": "set" }, "enableRemoteWriteReceiver": { - "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0.", + "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0.", "type": "boolean" }, "enforcedBodySizeLimit": { - "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", + "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, "enforcedKeepDroppedTargets": { - "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", + "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", "format": "int64", "type": "integer" }, "enforcedLabelLimit": { - "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", + "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", "format": "int64", "type": "integer" }, "enforcedLabelNameLengthLimit": { - "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", + "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", "format": "int64", "type": "integer" }, "enforcedLabelValueLengthLimit": { - "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", + "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", "format": "int64", "type": "integer" }, "enforcedNamespaceLabel": { - "description": "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", + "description": "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", "type": "string" }, "enforcedSampleLimit": { - "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", + "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", "format": "int64", "type": "integer" }, "enforcedTargetLimit": { - "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", + "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", "format": "int64", "type": "integer" }, "excludedFromEnforcement": { - "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", + "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", "items": { "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", "properties": { @@ -2567,7 +2654,7 @@ "x-kubernetes-list-type": "map" }, "hostNetwork": { - "description": "Use the host's network namespace if true.\n\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically.", + "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).", "type": "boolean" }, "ignoreNamespaceSelectors": { @@ -2575,7 +2662,7 @@ "type": "boolean" }, "image": { - "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", + "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", "type": "string" }, "imagePullPolicy": { @@ -2595,7 +2682,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -2605,7 +2692,7 @@ "type": "array" }, "initContainers": { - "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", + "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { @@ -2650,7 +2737,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2722,7 +2809,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2761,7 +2848,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2781,7 +2868,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3073,7 +3160,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3267,7 +3355,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3412,13 +3501,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -3524,7 +3617,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -3575,7 +3668,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3640,7 +3733,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3826,7 +3920,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -3863,22 +3957,22 @@ "type": "array" }, "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", "format": "int64", "type": "integer" }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", "format": "int64", "type": "integer" }, @@ -3913,12 +4007,12 @@ "type": "integer" }, "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", + "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", "format": "int32", "type": "integer" }, "mode": { - "description": "Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s).\nFor now this field has no effect.\n\n\n(Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled.", + "description": "Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s).\nFor now this field has no effect.\n\n(Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled.", "enum": [ "StatefulSet", "DaemonSet" @@ -3932,6 +4026,22 @@ "description": "Defines on which Nodes the Pods are scheduled.", "type": "object" }, + "otlp": { + "description": "Settings related to the OTLP receiver feature.\nIt requires Prometheus >= v2.55.0.", + "properties": { + "promoteResourceAttributes": { + "description": "List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, "overrideHonorLabels": { "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects.", "type": "boolean" @@ -3959,7 +4069,7 @@ "type": "object" }, "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", + "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", "properties": { "annotations": { "additionalProperties": { @@ -4028,7 +4138,7 @@ "x-kubernetes-map-type": "atomic" }, "podMonitorSelector": { - "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4134,7 +4244,7 @@ "x-kubernetes-map-type": "atomic" }, "probeSelector": { - "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4179,7 +4289,7 @@ "x-kubernetes-map-type": "atomic" }, "prometheusExternalLabelName": { - "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\n\nDefault: \"prometheus\"", + "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"", "type": "string" }, "reloadStrategy": { @@ -4196,7 +4306,7 @@ "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", "properties": { "authorization": { - "description": "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -4207,7 +4317,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4226,14 +4336,14 @@ "type": "string" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "azureAd": { - "description": "AzureAD for the URL.\n\n\nIt requires Prometheus >= v2.45.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", + "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", "properties": { "cloud": { "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", @@ -4258,7 +4368,7 @@ "type": "object" }, "oauth": { - "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\n\nIt requires Prometheus >= v2.48.0.", + "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0.", "properties": { "clientId": { "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", @@ -4274,7 +4384,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4303,7 +4413,7 @@ "type": "object" }, "sdk": { - "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\n\nIt requires Prometheus >= 2.52.0.", + "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= 2.52.0.", "properties": { "tenantId": { "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", @@ -4317,7 +4427,7 @@ "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -4328,7 +4438,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4351,7 +4461,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4369,11 +4479,11 @@ "type": "object" }, "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File from which to read bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "enableHTTP2": { @@ -4381,16 +4491,24 @@ "type": "boolean" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0.", "type": "boolean" }, "headers": { "additionalProperties": { "type": "string" }, - "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\n\nIt requires Prometheus >= v2.25.0.", + "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0.", "type": "object" }, + "messageVersion": { + "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0.", + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, "metadataConfig": { "description": "MetadataConfig configures the sending of series metadata to the remote storage.", "properties": { @@ -4407,15 +4525,15 @@ "type": "object" }, "name": { - "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0.", + "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0.", "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -4429,7 +4547,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4452,7 +4570,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4478,7 +4596,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4499,6 +4617,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -4506,6 +4668,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -4530,7 +4853,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4546,16 +4869,16 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, @@ -4598,7 +4921,7 @@ "type": "integer" }, "retryOnRateLimit": { - "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "type": "boolean" }, "sampleAgeLimit": { @@ -4615,15 +4938,15 @@ "type": "string" }, "sendExemplars": { - "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0.", "type": "boolean" }, "sendNativeHistograms": { - "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\n\nIt requires Prometheus >= v2.40.0.", + "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0.", "type": "boolean" }, "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", "properties": { "accessKey": { "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", @@ -4634,7 +4957,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4669,7 +4992,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4701,7 +5024,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4724,7 +5047,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4757,7 +5080,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4780,7 +5103,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4818,7 +5141,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4832,6 +5155,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4841,16 +5184,17 @@ }, "url": { "description": "The URL of the endpoint to send samples to.", + "minLength": 1, "type": "string" }, "writeRelabelConfigs": { "description": "The list of remote write relabel configurations.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -4878,7 +5222,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -4887,7 +5231,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -4904,7 +5248,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -4920,12 +5264,25 @@ }, "type": "array" }, + "remoteWriteReceiverMessageVersions": { + "description": "List of the protobuf message versions to accept when receiving the\nremote writes.\n\nIt requires Prometheus >= v2.54.0.", + "items": { + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "replicaExternalLabelName": { - "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\n\nDefault: \"prometheus_replica\"", + "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"", "type": "string" }, "replicas": { - "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\n\nDefault: 1", + "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1", "format": "int32", "type": "integer" }, @@ -4933,13 +5290,17 @@ "description": "Defines the resources requests and limits of the 'prometheus' container.", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -4989,30 +5350,40 @@ "type": "object" }, "routePrefix": { - "description": "The route prefix Prometheus registers HTTP handlers for.\n\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", + "description": "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", "type": "string" }, "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", "format": "int64", "type": "integer" }, "scrapeClasses": { - "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "items": { "properties": { + "attachMetadata": { + "description": "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration.", + "properties": { + "node": { + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", + "type": "boolean" + } + }, + "type": "object" + }, "default": { - "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\n\nOnly one scrape class can be set as the default.", + "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default.", "type": "boolean" }, "metricRelabelings": { - "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -5040,7 +5411,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -5049,7 +5420,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -5066,7 +5437,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -5080,13 +5451,13 @@ "type": "string" }, "relabelings": { - "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -5114,7 +5485,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -5123,7 +5494,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -5140,7 +5511,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -5149,7 +5520,7 @@ "type": "array" }, "tlsConfig": { - "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", + "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -5163,7 +5534,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5186,7 +5557,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5219,7 +5590,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5242,7 +5613,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5280,7 +5651,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5294,6 +5665,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5314,7 +5705,7 @@ "x-kubernetes-list-type": "map" }, "scrapeConfigNamespaceSelector": { - "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5359,7 +5750,7 @@ "x-kubernetes-map-type": "atomic" }, "scrapeConfigSelector": { - "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5405,12 +5796,12 @@ }, "scrapeInterval": { "default": "30s", - "description": "Interval between consecutive scrapes.\n\n\nDefault: \"30s\"", + "description": "Interval between consecutive scrapes.\n\nDefault: \"30s\"", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "scrapeProtocols": { - "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -5434,7 +5825,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "set" }, "securityContext": { "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", @@ -5457,7 +5849,7 @@ "type": "object" }, "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, @@ -5509,7 +5901,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -5519,7 +5911,7 @@ "type": "object" }, "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "format": "int64", "type": "integer" @@ -5527,6 +5919,10 @@ "type": "array", "x-kubernetes-list-type": "atomic" }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, "sysctls": { "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { @@ -5579,6 +5975,14 @@ "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", "type": "string" }, + "serviceDiscoveryRole": { + "description": "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role.", + "enum": [ + "Endpoints", + "EndpointSlice" + ], + "type": "string" + }, "serviceMonitorNamespaceSelector": { "description": "Namespaces to match for ServicedMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", "properties": { @@ -5625,7 +6029,7 @@ "x-kubernetes-map-type": "atomic" }, "serviceMonitorSelector": { - "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5670,7 +6074,7 @@ "x-kubernetes-map-type": "atomic" }, "shards": { - "description": "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\n\nDefault: 1", + "description": "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1", "format": "int32", "type": "integer" }, @@ -5708,7 +6112,7 @@ "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -5862,7 +6266,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -6068,7 +6472,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -6098,7 +6502,7 @@ "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", "type": "string" }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "x-kubernetes-map-type": "granular" }, @@ -6115,7 +6519,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, "capacity": { @@ -6161,7 +6565,7 @@ "type": "string" }, "type": { - "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", + "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", "type": "string" } }, @@ -6178,11 +6582,11 @@ "x-kubernetes-list-type": "map" }, "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { "status": { "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", @@ -6212,7 +6616,7 @@ "type": "object" }, "targetLimit": { - "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", "format": "int64", "type": "integer" }, @@ -6305,7 +6709,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "items": { "type": "string" }, @@ -6318,16 +6722,16 @@ "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", "format": "int32", "type": "integer" }, "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { @@ -6349,7 +6753,7 @@ "type": "array" }, "tracingConfig": { - "description": "TracingConfig configures tracing in Prometheus.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "clientType": { "description": "Client used to export the traces. Supported values are `http` or `grpc`.", @@ -6415,7 +6819,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6438,7 +6842,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6471,7 +6875,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6494,7 +6898,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6532,7 +6936,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6546,6 +6950,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -6559,12 +6983,23 @@ ], "type": "object" }, + "tsdb": { + "description": "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", + "properties": { + "outOfOrderTimeWindow": { + "description": "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "type": "object" + }, "version": { - "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", + "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", "type": "string" }, "volumeMounts": { - "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", + "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { @@ -6585,7 +7020,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -6614,7 +7049,7 @@ "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { @@ -6652,6 +7087,7 @@ "type": "string" }, "fsType": { + "default": "ext4", "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, @@ -6660,6 +7096,7 @@ "type": "string" }, "readOnly": { + "default": false, "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } @@ -6720,7 +7157,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6753,7 +7190,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6808,7 +7245,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6835,7 +7272,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6966,10 +7403,10 @@ "type": "object" }, "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -7123,7 +7560,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -7150,7 +7587,7 @@ "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { @@ -7208,7 +7645,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -7239,7 +7676,7 @@ "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { @@ -7305,7 +7742,7 @@ "type": "object" }, "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", @@ -7321,6 +7758,20 @@ ], "type": "object" }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, "iscsi": { "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { @@ -7333,7 +7784,7 @@ "type": "boolean" }, "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { @@ -7345,6 +7796,7 @@ "type": "string" }, "iscsiInterface": { + "default": "default", "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, @@ -7370,7 +7822,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -7479,12 +7931,12 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "properties": { "labelSelector": { "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", @@ -7586,7 +8038,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7708,7 +8160,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7788,7 +8240,7 @@ "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { @@ -7796,6 +8248,7 @@ "type": "string" }, "keyring": { + "default": "/etc/ceph/keyring", "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -7808,6 +8261,7 @@ "x-kubernetes-list-type": "atomic" }, "pool": { + "default": "rbd", "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -7820,7 +8274,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -7828,6 +8282,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "default": "admin", "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } @@ -7842,6 +8297,7 @@ "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "properties": { "fsType": { + "default": "xfs", "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, @@ -7862,7 +8318,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -7874,6 +8330,7 @@ "type": "boolean" }, "storageMode": { + "default": "ThinProvisioned", "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, @@ -7960,7 +8417,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -8012,7 +8469,7 @@ "type": "array" }, "walCompression": { - "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\n\nRequires Prometheus v2.11.0 and above.", + "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above.", "type": "boolean" }, "web": { @@ -8088,7 +8545,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8111,7 +8568,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8128,6 +8585,10 @@ }, "type": "object" }, + "certFile": { + "description": "Path to the TLS certificate file in the Prometheus container for the server.\nMutually exclusive with `cert`.", + "type": "string" + }, "cipherSuites": { "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty,\nGo default cipher suites are used. Available cipher suites are documented\nin the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", "items": { @@ -8139,6 +8600,10 @@ "description": "Server policy for client authentication. Maps to ClientAuth Policies.\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", "type": "string" }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to the server.\nMutually exclusive with `client_ca`.", + "type": "string" + }, "client_ca": { "description": "Contains the CA certificate for client certificate authentication to the server.", "properties": { @@ -8151,7 +8616,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8174,7 +8639,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8198,6 +8663,10 @@ }, "type": "array" }, + "keyFile": { + "description": "Path to the TLS key file in the Prometheus container for the server.\nMutually exclusive with `keySecret`.", + "type": "string" + }, "keySecret": { "description": "Secret containing the TLS key for the server.", "properties": { @@ -8207,7 +8676,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8234,10 +8703,6 @@ "type": "boolean" } }, - "required": [ - "cert", - "keySecret" - ], "type": "object" } }, diff --git a/jsonnet/prometheus-operator/prometheuses-crd.json b/jsonnet/prometheus-operator/prometheuses-crd.json index 9b79d49614b..a0667574c8a 100644 --- a/jsonnet/prometheus-operator/prometheuses-crd.json +++ b/jsonnet/prometheus-operator/prometheuses-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "prometheuses.monitoring.coreos.com" }, @@ -70,7 +70,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "Prometheus defines a Prometheus deployment.", + "description": "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -87,7 +87,7 @@ "description": "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "additionalAlertManagerConfigs": { - "description": "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade.", + "description": "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -95,7 +95,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -110,7 +110,7 @@ "x-kubernetes-map-type": "atomic" }, "additionalAlertRelabelConfigs": { - "description": "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade.", + "description": "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -118,7 +118,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -133,7 +133,7 @@ "x-kubernetes-map-type": "atomic" }, "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", + "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", "items": { "description": "Argument as part of the AdditionalArgs list.", "properties": { @@ -163,7 +163,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -416,7 +416,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -424,7 +424,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -560,7 +560,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -568,7 +568,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -701,7 +701,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -709,7 +709,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -845,7 +845,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -853,7 +853,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -936,18 +936,18 @@ "description": "Defines the settings related to Alertmanager.", "properties": { "alertmanagers": { - "description": "AlertmanagerEndpoints Prometheus should fire alerts against.", + "description": "Alertmanager endpoints where Prometheus should send alerts to.", "items": { "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object\ncontaining Alertmanager IPs to fire alerts against.", "properties": { "alertRelabelings": { "description": "Relabeling configs applied before sending alerts to a specific Alertmanager.\nIt requires Prometheus >= v2.51.0.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -975,7 +975,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -984,7 +984,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -1001,7 +1001,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -1014,7 +1014,7 @@ "type": "string" }, "authorization": { - "description": "Authorization section for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.", + "description": "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -1025,7 +1025,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1040,14 +1040,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for Alertmanager.\n\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.", + "description": "BasicAuth configuration for Alertmanager.\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -1058,7 +1058,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1081,7 +1081,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1099,7 +1099,7 @@ "type": "object" }, "bearerTokenFile": { - "description": "File to read bearer token for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File to read bearer token for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "enableHttp2": { @@ -1108,10 +1108,12 @@ }, "name": { "description": "Name of the Endpoints object in the namespace.", + "minLength": 1, "type": "string" }, "namespace": { - "description": "Namespace of the Endpoints object.", + "description": "Namespace of the Endpoints object.\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object.", + "minLength": 1, "type": "string" }, "pathPrefix": { @@ -1133,11 +1135,11 @@ "relabelings": { "description": "Relabel configuration applied to the discovered Alertmanagers.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -1165,7 +1167,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -1174,7 +1176,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -1191,7 +1193,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -1204,7 +1206,7 @@ "type": "string" }, "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.48.0.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.", + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.48.0.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.", "properties": { "accessKey": { "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", @@ -1215,7 +1217,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1250,7 +1252,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1287,7 +1289,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1310,7 +1312,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1343,7 +1345,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1366,7 +1368,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1404,7 +1406,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1418,6 +1420,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1428,7 +1450,6 @@ }, "required": [ "name", - "namespace", "port" ], "type": "object" @@ -1442,14 +1463,14 @@ "type": "object" }, "allowOverlappingBlocks": { - "description": "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.", + "description": "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.", "type": "boolean" }, "apiserverConfig": { "description": "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", "properties": { "authorization": { - "description": "Authorization section for the API server.\n\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", + "description": "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -1460,7 +1481,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1479,14 +1500,14 @@ "type": "string" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for the API server.\n\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", + "description": "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -1497,7 +1518,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1520,7 +1541,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1538,11 +1559,11 @@ "type": "object" }, "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File to read bearer token for accessing apiserver.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "host": { @@ -1564,7 +1585,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1587,7 +1608,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1620,7 +1641,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1643,7 +1664,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1681,7 +1702,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1695,6 +1716,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1718,7 +1759,7 @@ "type": "object" }, "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", "type": "boolean" }, "baseImage": { @@ -1726,7 +1767,7 @@ "type": "string" }, "bodySizeLimit": { - "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", + "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, @@ -1738,7 +1779,7 @@ "type": "array" }, "containers": { - "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", + "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { @@ -1783,7 +1824,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1855,7 +1896,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1894,7 +1935,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1914,7 +1955,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2206,7 +2247,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2400,7 +2442,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2545,13 +2588,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -2657,7 +2704,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -2708,7 +2755,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -2773,7 +2820,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2959,7 +3007,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -2999,12 +3047,72 @@ "description": "When true, the Prometheus compaction is disabled.", "type": "boolean" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableAdminAPI": { - "description": "Enables access to the Prometheus web admin API.\n\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", + "description": "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", "type": "boolean" }, "enableFeatures": { - "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", + "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", "items": { "minLength": 1, "type": "string" @@ -3013,45 +3121,45 @@ "x-kubernetes-list-type": "set" }, "enableRemoteWriteReceiver": { - "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0.", + "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0.", "type": "boolean" }, "enforcedBodySizeLimit": { - "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", + "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, "enforcedKeepDroppedTargets": { - "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", + "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", "format": "int64", "type": "integer" }, "enforcedLabelLimit": { - "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", + "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", "format": "int64", "type": "integer" }, "enforcedLabelNameLengthLimit": { - "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", + "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", "format": "int64", "type": "integer" }, "enforcedLabelValueLengthLimit": { - "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", + "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", "format": "int64", "type": "integer" }, "enforcedNamespaceLabel": { - "description": "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", + "description": "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", "type": "string" }, "enforcedSampleLimit": { - "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", + "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", "format": "int64", "type": "integer" }, "enforcedTargetLimit": { - "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", + "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", "format": "int64", "type": "integer" }, @@ -3062,7 +3170,7 @@ "type": "string" }, "excludedFromEnforcement": { - "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", + "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", "items": { "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", "properties": { @@ -3107,7 +3215,7 @@ "description": "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective.", "properties": { "maxSize": { - "description": "Maximum number of exemplars stored in memory for all series.\n\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage.", + "description": "Maximum number of exemplars stored in memory for all series.\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage.", "format": "int64", "type": "integer" } @@ -3155,7 +3263,7 @@ "x-kubernetes-list-type": "map" }, "hostNetwork": { - "description": "Use the host's network namespace if true.\n\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically.", + "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).", "type": "boolean" }, "ignoreNamespaceSelectors": { @@ -3163,7 +3271,7 @@ "type": "boolean" }, "image": { - "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", + "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", "type": "string" }, "imagePullPolicy": { @@ -3183,7 +3291,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -3193,7 +3301,7 @@ "type": "array" }, "initContainers": { - "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", + "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { @@ -3238,7 +3346,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3310,7 +3418,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3349,7 +3457,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3369,7 +3477,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3661,7 +3769,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3855,7 +3964,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -4000,13 +4110,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -4112,7 +4226,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -4163,7 +4277,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -4228,7 +4342,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -4414,7 +4529,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -4451,22 +4566,22 @@ "type": "array" }, "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", "format": "int64", "type": "integer" }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", "format": "int64", "type": "integer" }, @@ -4501,7 +4616,7 @@ "type": "integer" }, "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", + "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", "format": "int32", "type": "integer" }, @@ -4512,6 +4627,22 @@ "description": "Defines on which Nodes the Pods are scheduled.", "type": "object" }, + "otlp": { + "description": "Settings related to the OTLP receiver feature.\nIt requires Prometheus >= v2.55.0.", + "properties": { + "promoteResourceAttributes": { + "description": "List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, "overrideHonorLabels": { "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects.", "type": "boolean" @@ -4539,7 +4670,7 @@ "type": "object" }, "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", + "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", "properties": { "annotations": { "additionalProperties": { @@ -4608,7 +4739,7 @@ "x-kubernetes-map-type": "atomic" }, "podMonitorSelector": { - "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4714,7 +4845,7 @@ "x-kubernetes-map-type": "atomic" }, "probeSelector": { - "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4759,7 +4890,7 @@ "x-kubernetes-map-type": "atomic" }, "prometheusExternalLabelName": { - "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\n\nDefault: \"prometheus\"", + "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"", "type": "string" }, "prometheusRulesExcludedFromEnforce": { @@ -4811,7 +4942,7 @@ "type": "object" }, "queryLogFile": { - "description": "queryLogFile specifies where the file to which PromQL queries are logged.\n\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream.", + "description": "queryLogFile specifies where the file to which PromQL queries are logged.\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream.", "type": "string" }, "reloadStrategy": { @@ -4828,7 +4959,7 @@ "description": "RemoteReadSpec defines the configuration for Prometheus to read back samples\nfrom a remote endpoint.", "properties": { "authorization": { - "description": "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -4839,7 +4970,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4858,14 +4989,14 @@ "type": "string" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -4876,7 +5007,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4899,7 +5030,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4917,19 +5048,19 @@ "type": "object" }, "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File from which to read the bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File from which to read the bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "filterExternalLabels": { - "description": "Whether to use the external labels as selectors for the remote read endpoint.\n\n\nIt requires Prometheus >= v2.34.0.", + "description": "Whether to use the external labels as selectors for the remote read endpoint.\n\nIt requires Prometheus >= v2.34.0.", "type": "boolean" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0.", "type": "boolean" }, "headers": { @@ -4940,15 +5071,15 @@ "type": "object" }, "name": { - "description": "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\n\nIt requires Prometheus >= v2.15.0.", + "description": "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\nIt requires Prometheus >= v2.15.0.", "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -4962,7 +5093,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4985,7 +5116,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5011,7 +5142,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5032,6 +5163,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -5039,6 +5214,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -5063,7 +5399,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5079,16 +5415,16 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, @@ -5123,7 +5459,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5146,7 +5482,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5179,7 +5515,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5202,7 +5538,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5240,7 +5576,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5254,6 +5590,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5279,7 +5635,7 @@ "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", "properties": { "authorization": { - "description": "Authorization section for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -5290,7 +5646,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5309,14 +5665,14 @@ "type": "string" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "azureAd": { - "description": "AzureAD for the URL.\n\n\nIt requires Prometheus >= v2.45.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", + "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", "properties": { "cloud": { "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", @@ -5341,7 +5697,7 @@ "type": "object" }, "oauth": { - "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\n\nIt requires Prometheus >= v2.48.0.", + "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0.", "properties": { "clientId": { "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", @@ -5357,7 +5713,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5386,7 +5742,7 @@ "type": "object" }, "sdk": { - "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\n\nIt requires Prometheus >= 2.52.0.", + "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= 2.52.0.", "properties": { "tenantId": { "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", @@ -5400,7 +5756,7 @@ "type": "object" }, "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -5411,7 +5767,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5434,7 +5790,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5452,11 +5808,11 @@ "type": "object" }, "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File from which to read bearer token for the URL.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "enableHTTP2": { @@ -5464,16 +5820,24 @@ "type": "boolean" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0.", "type": "boolean" }, "headers": { "additionalProperties": { "type": "string" }, - "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\n\nIt requires Prometheus >= v2.25.0.", + "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0.", "type": "object" }, + "messageVersion": { + "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0.", + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, "metadataConfig": { "description": "MetadataConfig configures the sending of series metadata to the remote storage.", "properties": { @@ -5490,15 +5854,15 @@ "type": "object" }, "name": { - "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0.", + "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0.", "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -5512,11 +5876,96 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -5526,8 +5975,141 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -5535,7 +6117,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5548,47 +6130,34 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -5613,7 +6182,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5629,16 +6198,16 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, @@ -5681,7 +6250,7 @@ "type": "integer" }, "retryOnRateLimit": { - "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "type": "boolean" }, "sampleAgeLimit": { @@ -5698,15 +6267,15 @@ "type": "string" }, "sendExemplars": { - "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0.", "type": "boolean" }, "sendNativeHistograms": { - "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\n\nIt requires Prometheus >= v2.40.0.", + "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0.", "type": "boolean" }, "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.26.0.\n\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", "properties": { "accessKey": { "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", @@ -5717,7 +6286,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5752,7 +6321,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5784,7 +6353,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5807,7 +6376,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5840,7 +6409,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5863,7 +6432,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5901,7 +6470,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5915,6 +6484,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5924,16 +6513,17 @@ }, "url": { "description": "The URL of the endpoint to send samples to.", + "minLength": 1, "type": "string" }, "writeRelabelConfigs": { "description": "The list of remote write relabel configurations.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -5961,7 +6551,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -5970,7 +6560,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -5987,7 +6577,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -6003,12 +6593,25 @@ }, "type": "array" }, + "remoteWriteReceiverMessageVersions": { + "description": "List of the protobuf message versions to accept when receiving the\nremote writes.\n\nIt requires Prometheus >= v2.54.0.", + "items": { + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "replicaExternalLabelName": { - "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\n\nDefault: \"prometheus_replica\"", + "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"", "type": "string" }, "replicas": { - "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\n\nDefault: 1", + "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1", "format": "int32", "type": "integer" }, @@ -6016,13 +6619,17 @@ "description": "Defines the resources requests and limits of the 'prometheus' container.", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -6072,7 +6679,7 @@ "type": "object" }, "retention": { - "description": "How long to retain the Prometheus data.\n\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty.", + "description": "How long to retain the Prometheus data.\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -6082,7 +6689,7 @@ "type": "string" }, "routePrefix": { - "description": "The route prefix Prometheus registers HTTP handlers for.\n\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", + "description": "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", "type": "string" }, "ruleNamespaceSelector": { @@ -6130,6 +6737,11 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "ruleQueryOffset": { + "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\nIt requires Prometheus >= v2.53.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, "ruleSelector": { "description": "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects.", "properties": { @@ -6179,10 +6791,10 @@ "description": "Defines the configuration of the Prometheus rules' engine.", "properties": { "alert": { - "description": "Defines the parameters of the Prometheus rules' engine.\n\n\nAny update to these parameters trigger a restart of the pods.", + "description": "Defines the parameters of the Prometheus rules' engine.\n\nAny update to these parameters trigger a restart of the pods.", "properties": { "forGracePeriod": { - "description": "Minimum duration between alert and restored 'for' state.\n\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period.", + "description": "Minimum duration between alert and restored 'for' state.\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period.", "type": "string" }, "forOutageTolerance": { @@ -6199,27 +6811,49 @@ }, "type": "object" }, + "runtime": { + "description": "RuntimeConfig configures the values for the Prometheus process behavior", + "properties": { + "goGC": { + "description": "The Go garbage collection target percentage. Lowering this number may increase the CPU usage.\nSee: https://tip.golang.org/doc/gc-guide#GOGC", + "format": "int32", + "minimum": -1, + "type": "integer" + } + }, + "type": "object" + }, "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", "format": "int64", "type": "integer" }, "scrapeClasses": { - "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "items": { "properties": { + "attachMetadata": { + "description": "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration.", + "properties": { + "node": { + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", + "type": "boolean" + } + }, + "type": "object" + }, "default": { - "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\n\nOnly one scrape class can be set as the default.", + "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default.", "type": "boolean" }, "metricRelabelings": { - "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -6247,7 +6881,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -6256,7 +6890,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -6273,7 +6907,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -6287,13 +6921,13 @@ "type": "string" }, "relabelings": { - "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -6321,7 +6955,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -6330,7 +6964,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -6347,7 +6981,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -6356,7 +6990,7 @@ "type": "array" }, "tlsConfig": { - "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", + "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -6370,7 +7004,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6393,7 +7027,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6426,7 +7060,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6449,7 +7083,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6487,7 +7121,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6501,6 +7135,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -6521,7 +7175,7 @@ "x-kubernetes-list-type": "map" }, "scrapeConfigNamespaceSelector": { - "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6566,7 +7220,7 @@ "x-kubernetes-map-type": "atomic" }, "scrapeConfigSelector": { - "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6612,12 +7266,12 @@ }, "scrapeInterval": { "default": "30s", - "description": "Interval between consecutive scrapes.\n\n\nDefault: \"30s\"", + "description": "Interval between consecutive scrapes.\n\nDefault: \"30s\"", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "scrapeProtocols": { - "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -6641,7 +7295,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "set" }, "securityContext": { "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", @@ -6664,7 +7319,7 @@ "type": "object" }, "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, @@ -6716,7 +7371,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -6726,7 +7381,7 @@ "type": "object" }, "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "format": "int64", "type": "integer" @@ -6734,6 +7389,10 @@ "type": "array", "x-kubernetes-list-type": "atomic" }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, "sysctls": { "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { @@ -6786,6 +7445,14 @@ "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", "type": "string" }, + "serviceDiscoveryRole": { + "description": "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role.", + "enum": [ + "Endpoints", + "EndpointSlice" + ], + "type": "string" + }, "serviceMonitorNamespaceSelector": { "description": "Namespaces to match for ServicedMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", "properties": { @@ -6832,7 +7499,7 @@ "x-kubernetes-map-type": "atomic" }, "serviceMonitorSelector": { - "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6881,7 +7548,7 @@ "type": "string" }, "shards": { - "description": "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\n\nDefault: 1", + "description": "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1", "format": "int32", "type": "integer" }, @@ -6919,7 +7586,7 @@ "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -7073,7 +7740,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -7279,7 +7946,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -7309,7 +7976,7 @@ "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", "type": "string" }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "x-kubernetes-map-type": "granular" }, @@ -7326,7 +7993,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, "capacity": { @@ -7372,7 +8039,7 @@ "type": "string" }, "type": { - "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", + "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", "type": "string" } }, @@ -7389,11 +8056,11 @@ "x-kubernetes-list-type": "map" }, "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { "status": { "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", @@ -7427,7 +8094,7 @@ "type": "string" }, "targetLimit": { - "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", "format": "int64", "type": "integer" }, @@ -7462,7 +8129,7 @@ }, "blockSize": { "default": "2h", - "description": "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h.", + "description": "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -7477,11 +8144,11 @@ "type": "string" }, "grpcListenLocal": { - "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\n\nIt has no effect if `listenLocal` is true.", + "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\nIt has no effect if `listenLocal` is true.", "type": "boolean" }, "grpcServerTlsConfig": { - "description": "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.", + "description": "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -7495,7 +8162,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7518,7 +8185,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7551,7 +8218,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7574,7 +8241,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7612,7 +8279,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7626,6 +8293,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -7634,11 +8321,11 @@ "type": "object" }, "httpListenLocal": { - "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\n\nIt has no effect if `listenLocal` is true.", + "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\nIt has no effect if `listenLocal` is true.", "type": "boolean" }, "image": { - "description": "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released.", + "description": "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released.", "type": "string" }, "listenLocal": { @@ -7670,7 +8357,7 @@ "type": "string" }, "objectStorageConfig": { - "description": "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\n\nobjectStorageConfigFile takes precedence over this field.", + "description": "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nobjectStorageConfigFile takes precedence over this field.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -7678,7 +8365,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7693,7 +8380,7 @@ "x-kubernetes-map-type": "atomic" }, "objectStorageConfigFile": { - "description": "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\n\nThis field takes precedence over objectStorageConfig.", + "description": "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nThis field takes precedence over objectStorageConfig.", "type": "string" }, "readyTimeout": { @@ -7705,13 +8392,17 @@ "description": "Defines the resources requests and limits of the Thanos sidecar.", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -7769,7 +8460,7 @@ "type": "string" }, "tracingConfig": { - "description": "Defines the tracing configuration for the Thanos sidecar.\n\n\n`tracingConfigFile` takes precedence over this field.\n\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "Defines the tracing configuration for the Thanos sidecar.\n\n`tracingConfigFile` takes precedence over this field.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -7777,7 +8468,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -7792,11 +8483,11 @@ "x-kubernetes-map-type": "atomic" }, "tracingConfigFile": { - "description": "Defines the tracing configuration file for the Thanos sidecar.\n\n\nThis field takes precedence over `tracingConfig`.\n\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "Defines the tracing configuration file for the Thanos sidecar.\n\nThis field takes precedence over `tracingConfig`.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "type": "string" }, "version": { - "description": "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased.", + "description": "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased.", "type": "string" }, "volumeMounts": { @@ -7821,7 +8512,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -7933,7 +8624,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "items": { "type": "string" }, @@ -7946,16 +8637,16 @@ "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", "format": "int32", "type": "integer" }, "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { @@ -7977,7 +8668,7 @@ "type": "array" }, "tracingConfig": { - "description": "TracingConfig configures tracing in Prometheus.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "clientType": { "description": "Client used to export the traces. Supported values are `http` or `grpc`.", @@ -8043,7 +8734,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8066,7 +8757,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8099,7 +8790,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8122,7 +8813,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8160,7 +8851,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8174,6 +8865,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -8188,10 +8899,10 @@ "type": "object" }, "tsdb": { - "description": "Defines the runtime reloadable configuration of the timeseries database\n(TSDB).", + "description": "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", "properties": { "outOfOrderTimeWindow": { - "description": "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\n\nIt requires Prometheus >= v2.39.0.", + "description": "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" } @@ -8199,11 +8910,11 @@ "type": "object" }, "version": { - "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", + "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", "type": "string" }, "volumeMounts": { - "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", + "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { @@ -8224,7 +8935,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -8253,7 +8964,7 @@ "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { @@ -8291,6 +9002,7 @@ "type": "string" }, "fsType": { + "default": "ext4", "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, @@ -8299,6 +9011,7 @@ "type": "string" }, "readOnly": { + "default": false, "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } @@ -8359,7 +9072,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -8392,7 +9105,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -8447,7 +9160,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -8474,7 +9187,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -8605,10 +9318,10 @@ "type": "object" }, "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -8762,7 +9475,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -8789,7 +9502,7 @@ "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { @@ -8847,7 +9560,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -8878,7 +9591,7 @@ "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { @@ -8944,7 +9657,7 @@ "type": "object" }, "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", @@ -8960,6 +9673,20 @@ ], "type": "object" }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, "iscsi": { "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { @@ -8972,7 +9699,7 @@ "type": "boolean" }, "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { @@ -8984,6 +9711,7 @@ "type": "string" }, "iscsiInterface": { + "default": "default", "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, @@ -9009,7 +9737,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -9118,12 +9846,12 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "properties": { "labelSelector": { "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", @@ -9225,7 +9953,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9347,7 +10075,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9427,7 +10155,7 @@ "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { @@ -9435,6 +10163,7 @@ "type": "string" }, "keyring": { + "default": "/etc/ceph/keyring", "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -9447,6 +10176,7 @@ "x-kubernetes-list-type": "atomic" }, "pool": { + "default": "rbd", "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -9459,7 +10189,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -9467,6 +10197,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "default": "admin", "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } @@ -9481,6 +10212,7 @@ "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "properties": { "fsType": { + "default": "xfs", "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, @@ -9501,7 +10233,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -9513,6 +10245,7 @@ "type": "boolean" }, "storageMode": { + "default": "ThinProvisioned", "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, @@ -9599,7 +10332,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -9651,7 +10384,7 @@ "type": "array" }, "walCompression": { - "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\n\nRequires Prometheus v2.11.0 and above.", + "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above.", "type": "boolean" }, "web": { @@ -9727,7 +10460,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9750,7 +10483,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9767,6 +10500,10 @@ }, "type": "object" }, + "certFile": { + "description": "Path to the TLS certificate file in the Prometheus container for the server.\nMutually exclusive with `cert`.", + "type": "string" + }, "cipherSuites": { "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty,\nGo default cipher suites are used. Available cipher suites are documented\nin the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", "items": { @@ -9778,6 +10515,10 @@ "description": "Server policy for client authentication. Maps to ClientAuth Policies.\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", "type": "string" }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to the server.\nMutually exclusive with `client_ca`.", + "type": "string" + }, "client_ca": { "description": "Contains the CA certificate for client certificate authentication to the server.", "properties": { @@ -9790,7 +10531,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9813,7 +10554,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9837,6 +10578,10 @@ }, "type": "array" }, + "keyFile": { + "description": "Path to the TLS key file in the Prometheus container for the server.\nMutually exclusive with `keySecret`.", + "type": "string" + }, "keySecret": { "description": "Secret containing the TLS key for the server.", "properties": { @@ -9846,7 +10591,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -9873,10 +10618,6 @@ "type": "boolean" } }, - "required": [ - "cert", - "keySecret" - ], "type": "object" } }, diff --git a/jsonnet/prometheus-operator/prometheusrules-crd.json b/jsonnet/prometheus-operator/prometheusrules-crd.json index 3f88e8f9d23..3cd0894e82a 100644 --- a/jsonnet/prometheus-operator/prometheusrules-crd.json +++ b/jsonnet/prometheus-operator/prometheusrules-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "prometheusrules.monitoring.coreos.com" }, @@ -28,7 +28,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "PrometheusRule defines recording and alerting rules for a Prometheus instance", + "description": "The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.\n\n`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -68,6 +68,11 @@ "pattern": "^(?i)(abort|warn)?$", "type": "string" }, + "query_offset": { + "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\n\nIt requires Prometheus >= v2.53.0.\nIt is not supported for ThanosRuler.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, "rules": { "description": "List of alerting and recording rules.", "items": { diff --git a/jsonnet/prometheus-operator/scrapeconfigs-crd.json b/jsonnet/prometheus-operator/scrapeconfigs-crd.json index 761e17993b1..4f72eaaa02e 100644 --- a/jsonnet/prometheus-operator/scrapeconfigs-crd.json +++ b/jsonnet/prometheus-operator/scrapeconfigs-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "scrapeconfigs.monitoring.coreos.com" }, @@ -44,17 +44,177 @@ "spec": { "description": "ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration.", "properties": { - "NomadSDConfigs": { - "description": "NomadSDConfigs defines a list of Nomad service discovery configurations.", + "authorization": { + "description": "Authorization header to use on every scrape request.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "azureSDConfigs": { + "description": "AzureSDConfigs defines a list of Azure service discovery configurations.", "items": { - "description": "NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config", + "description": "AzureSDConfig allow retrieving scrape targets from Azure VMs.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config", + "properties": { + "authenticationMethod": { + "description": "# The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.\nSee https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\nSDK authentication method uses environment variables by default.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication", + "enum": [ + "OAuth", + "ManagedIdentity", + "SDK" + ], + "type": "string" + }, + "clientID": { + "description": "Optional client ID. Only required with the OAuth authentication method.", + "type": "string" + }, + "clientSecret": { + "description": "Optional client secret. Only required with the OAuth authentication method.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "environment": { + "description": "The Azure environment.", + "type": "string" + }, + "port": { + "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", + "type": "integer" + }, + "refreshInterval": { + "description": "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "resourceGroup": { + "description": "Optional resource group name. Limits discovery to this resource group.", + "type": "string" + }, + "subscriptionID": { + "description": "The subscription ID. Always required.", + "minLength": 1, + "type": "string" + }, + "tenantID": { + "description": "Optional tenant ID. Only required with the OAuth authentication method.", + "type": "string" + } + }, + "required": [ + "subscriptionID" + ], + "type": "object" + }, + "type": "array" + }, + "basicAuth": { + "description": "BasicAuth information to use on every scrape request.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "consulSDConfigs": { + "description": "ConsulSDConfigs defines a list of Consul service discovery configurations.", + "items": { + "description": "ConsulSDConfig defines a Consul service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config", "properties": { "allowStale": { - "description": "The information to access the Nomad API. It is to be defined\nas the Nomad documentation requires.", + "description": "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value.", "type": "boolean" }, "authorization": { - "description": "Authorization header to use on every scrape request.", + "description": "Authorization header configuration to authenticate against the Consul Server.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -65,7 +225,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -80,14 +240,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth information to use on every scrape request.", + "description": "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -98,7 +258,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -121,7 +281,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -138,23 +298,36 @@ }, "type": "object" }, + "datacenter": { + "description": "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.", + "type": "string" + }, "enableHTTP2": { - "description": "Whether to enable HTTP2.", + "description": "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value.", "type": "boolean" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value.", "type": "boolean" }, "namespace": { + "description": "Namespaces are only supported in Consul Enterprise.", "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, + "nodeMeta": { + "additionalProperties": { + "type": "string" + }, + "description": "Node metadata key/value pairs to filter nodes for a given service.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "oauth2": { - "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`.", + "description": "Optional OAuth 2.0 configuration.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -168,7 +341,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -191,7 +364,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -217,7 +390,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -238,6 +411,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -245,76 +462,264 @@ }, "type": "array" }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", + "insecureSkipVerify": { + "description": "Disable target certificate validation.", "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "partition": { + "description": "Admin Partitions are only supported in Consul Enterprise.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`", + "description": "The time after which the provided names are refreshed.\nOn large setup it might be a good idea to increase this value because the catalog will change all the time.\nIf unset, Prometheus uses its default value.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "region": { + "scheme": { + "description": "HTTP Scheme default \"http\"", + "enum": [ + "HTTP", + "HTTPS" + ], "type": "string" }, "server": { + "description": "A valid string consisting of a hostname or IP followed by an optional port number.", "minLength": 1, "type": "string" }, + "services": { + "description": "A list of services for which targets are retrieved. If omitted, all services are scraped.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "tagSeparator": { + "description": "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value.", "type": "string" }, + "tags": { + "description": "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "tlsConfig": { - "description": "TLS configuration applying to the target HTTP endpoint.", + "description": "TLS Config", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -328,7 +733,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -351,7 +756,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -380,7 +785,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -403,7 +808,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -433,7 +838,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -447,74 +852,35 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" } }, "type": "object" - } - }, - "required": [ - "server" - ], - "type": "object" - }, - "type": "array" - }, - "authorization": { - "description": "Authorization header to use on every scrape request.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "azureSDConfigs": { - "description": "AzureSDConfigs defines a list of Azure service discovery configurations.", - "items": { - "description": "AzureSDConfig allow retrieving scrape targets from Azure VMs.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config", - "properties": { - "authenticationMethod": { - "description": "# The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.\nSee https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\nSDK authentication method uses environment variables by default.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication", - "enum": [ - "OAuth", - "ManagedIdentity", - "SDK" - ], - "type": "string" - }, - "clientID": { - "description": "Optional client ID. Only required with the OAuth authentication method.", - "type": "string" }, - "clientSecret": { - "description": "Optional client secret. Only required with the OAuth authentication method.", + "tokenRef": { + "description": "Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -522,7 +888,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -535,104 +901,22 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "environment": { - "description": "The Azure environment.", - "type": "string" - }, - "port": { - "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", - "type": "integer" - }, - "refreshInterval": { - "description": "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "resourceGroup": { - "description": "Optional resource group name. Limits discovery to this resource group.", - "type": "string" - }, - "subscriptionID": { - "description": "The subscription ID. Always required.", - "minLength": 1, - "type": "string" - }, - "tenantID": { - "description": "Optional tenant ID. Only required with the OAuth authentication method.", - "type": "string" } }, "required": [ - "subscriptionID" + "server" ], "type": "object" }, "type": "array" }, - "basicAuth": { - "description": "BasicAuth information to use on every scrape request.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "consulSDConfigs": { - "description": "ConsulSDConfigs defines a list of Consul service discovery configurations.", + "digitalOceanSDConfigs": { + "description": "DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.", "items": { - "description": "ConsulSDConfig defines a Consul service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config", + "description": "DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.\nThis service discovery uses the public IPv4 address by default, by that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config", "properties": { - "allowStale": { - "description": "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value.", - "type": "boolean" - }, "authorization": { - "description": "Authorization header configuration to authenticate against the Consul Server.", + "description": "Authorization header configuration to authenticate against the DigitalOcean API.\nCannot be set at the same time as `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -643,7 +927,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -658,94 +942,26 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, - "basicAuth": { - "description": "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "datacenter": { - "description": "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.", - "type": "string" - }, "enableHTTP2": { - "description": "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value.", + "description": "Whether to enable HTTP2.", "type": "boolean" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, - "namespace": { - "description": "Namespaces are only supported in Consul Enterprise.", - "type": "string" - }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "nodeMeta": { - "additionalProperties": { - "type": "string" - }, - "description": "Node metadata key/value pairs to filter nodes for a given service.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, "oauth2": { - "description": "Optional OAuth 2.0 configuration.", + "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -759,7 +975,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -782,7 +998,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -808,7 +1024,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -829,6 +1045,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -836,6 +1096,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -849,9 +1270,9 @@ ], "type": "object" }, - "partition": { - "description": "Admin Partitions are only supported in Consul Enterprise.", - "type": "string" + "port": { + "description": "The port to scrape metrics from.", + "type": "integer" }, "proxyConnectHeader": { "additionalProperties": { @@ -864,7 +1285,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -880,59 +1301,26 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "The time after which the provided names are refreshed.\nOn large setup it might be a good idea to increase this value because the catalog will change all the time.\nIf unset, Prometheus uses its default value.", + "description": "Refresh interval to re-read the instance list.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "scheme": { - "description": "HTTP Scheme default \"http\"", - "enum": [ - "HTTP", - "HTTPS" - ], - "type": "string" - }, - "server": { - "description": "A valid string consisting of a hostname or IP followed by an optional port number.", - "minLength": 1, - "type": "string" - }, - "services": { - "description": "A list of services for which targets are retrieved. If omitted, all services are scraped.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "tagSeparator": { - "description": "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value.", - "type": "string" - }, - "tags": { - "description": "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, "tlsConfig": { - "description": "TLS Config", + "description": "TLS configuration applying to the target HTTP endpoint.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -946,7 +1334,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -969,7 +1357,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -998,7 +1386,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1021,7 +1409,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1051,7 +1439,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1065,92 +1453,228 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenRef": { - "description": "Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" } }, - "required": [ - "server" - ], "type": "object" }, "type": "array" }, - "digitalOceanSDConfigs": { - "description": "DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.", + "dnsSDConfigs": { + "description": "DNSSDConfigs defines a list of DNS service discovery configurations.", "items": { - "description": "DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.\nThis service discovery uses the public IPv4 address by default, by that can be changed with relabeling\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config", + "description": "DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.\nThe DNS servers to be contacted are read from /etc/resolv.conf.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config", "properties": { - "authorization": { - "description": "Authorization header configuration to authenticate against the DigitalOcean API.\nCannot be set at the same time as `oauth2`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", + "names": { + "description": "A list of DNS domain names to be queried.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "port": { + "description": "The port number used if the query type is not SRV\nIgnored for SRV records", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "refreshInterval": { + "description": "RefreshInterval configures the time after which the provided names are refreshed.\nIf not set, Prometheus uses its default value.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "type": { + "description": "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\nWhen set to NS, it requires Prometheus >= v2.49.0.\nWhen set to MX, it requires Prometheus >= v2.38.0", + "enum": [ + "A", + "AAAA", + "MX", + "NS", + "SRV" + ], + "type": "string" + } + }, + "required": [ + "names" + ], + "type": "object" + }, + "type": "array" + }, + "dockerSDConfigs": { + "description": "DockerSDConfigs defines a list of Docker service discovery configurations.", + "items": { + "description": "Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.\nThis SD discovers \"containers\" and will create a target for each network IP and\nport the container is configured to expose.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config", + "properties": { + "authorization": { + "description": "Authorization header configuration to authenticate against the Docker API.\nCannot be set at the same time as `oauth2`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, + "basicAuth": { + "description": "BasicAuth information to use on every scrape request.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, "enableHTTP2": { "description": "Whether to enable HTTP2.", "type": "boolean" }, + "filters": { + "description": "Optional filters to limit the discovery process to a subset of the available resources.", + "items": { + "description": "Filter name and value pairs to limit the discovery process to a subset of available resources.", + "properties": { + "name": { + "description": "Name of the Filter.", + "type": "string" + }, + "values": { + "description": "Value to filter on.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "name", + "values" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "followRedirects": { "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, + "host": { + "description": "Address of the docker daemon", + "minLength": 1, + "type": "string" + }, + "hostNetworkingHost": { + "description": "The host to use if the container is in host networking mode.", + "type": "string" + }, + "matchFirstNetwork": { + "description": "Configure whether to match the first network if the container has multiple networks defined.\nIf unset, Prometheus uses true by default.\nIt requires Prometheus >= v2.54.1.", + "type": "boolean" + }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { @@ -1168,7 +1692,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1191,7 +1715,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1217,7 +1741,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1238,6 +1762,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -1245,6 +1813,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -1273,7 +2002,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1289,21 +2018,21 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Refresh interval to re-read the instance list.", + "description": "Time after which the container is refreshed.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -1322,7 +2051,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1345,7 +2074,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1374,7 +2103,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1397,7 +2126,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1427,7 +2156,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1441,6 +2170,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1449,58 +2198,20 @@ "type": "object" } }, + "required": [ + "host" + ], "type": "object" }, "type": "array" }, - "dnsSDConfigs": { - "description": "DNSSDConfigs defines a list of DNS service discovery configurations.", + "dockerSwarmSDConfigs": { + "description": "DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.", "items": { - "description": "DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.\nThe DNS servers to be contacted are read from /etc/resolv.conf.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config", - "properties": { - "names": { - "description": "A list of DNS domain names to be queried.", - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "port": { - "description": "The port number used if the query type is not SRV\nIgnored for SRV records", - "type": "integer" - }, - "refreshInterval": { - "description": "RefreshInterval configures the time after which the provided names are refreshed.\nIf not set, Prometheus uses its default value.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "type": { - "description": "The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.\nIf not set, Prometheus uses its default value.\n\n\nWhen set to NS, It requires Prometheus >= 2.49.0.", - "enum": [ - "SRV", - "A", - "AAAA", - "MX", - "NS" - ], - "type": "string" - } - }, - "required": [ - "names" - ], - "type": "object" - }, - "type": "array" - }, - "dockerSDConfigs": { - "description": "DockerSDConfigs defines a list of Docker service discovery configurations.", - "items": { - "description": "Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.\nThis SD discovers \"containers\" and will create a target for each network IP and\nport the container is configured to expose.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config", + "description": "DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config", "properties": { "authorization": { - "description": "Authorization header configuration to authenticate against the Docker API.\nCannot be set at the same time as `oauth2`.", + "description": "Authorization header configuration to authenticate against the target HTTP endpoint.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -1511,7 +2222,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1526,14 +2237,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth information to use on every scrape request.", + "description": "Optional HTTP basic authentication information.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -1544,7 +2255,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1567,7 +2278,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1589,18 +2300,23 @@ "type": "boolean" }, "filters": { - "description": "Optional filters to limit the discovery process to a subset of the available resources.", + "description": "Optional filters to limit the discovery process to a subset of available\nresources.\nThe available filters are listed in the upstream documentation:\nServices: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList\nTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList\nNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList", "items": { - "description": "DockerFilter is the configuration to limit the discovery process to a subset of available resources.", + "description": "Filter name and value pairs to limit the discovery process to a subset of available resources.", "properties": { "name": { + "description": "Name of the Filter.", "type": "string" }, "values": { + "description": "Value to filter on.", "items": { + "minLength": 1, "type": "string" }, - "type": "array" + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" } }, "required": [ @@ -1609,27 +2325,27 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "followRedirects": { "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, "host": { - "description": "Address of the docker daemon", - "minLength": 1, - "type": "string" - }, - "hostNetworkingHost": { - "description": "The host to use if the container is in host networking mode.", + "description": "Address of the Docker daemon", + "pattern": "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$", "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`.", + "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -1643,7 +2359,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1666,7 +2382,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1692,7 +2408,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1713,6 +2429,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -1720,6 +2480,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -1734,7 +2655,10 @@ "type": "object" }, "port": { - "description": "The port to scrape metrics from.", + "description": "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports.", + "format": "int32", + "maximum": 65535, + "minimum": 0, "type": "integer" }, "proxyConnectHeader": { @@ -1748,7 +2672,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1764,26 +2688,35 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Time after which the container is refreshed.", + "description": "The time after which the service discovery data is refreshed.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, + "role": { + "description": "Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`.", + "enum": [ + "Services", + "Tasks", + "Nodes" + ], + "type": "string" + }, "tlsConfig": { - "description": "TLS configuration applying to the target HTTP endpoint.", + "description": "TLS configuration to use on every scrape request", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -1797,7 +2730,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1820,7 +2753,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1849,7 +2782,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1872,7 +2805,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1902,7 +2835,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1916,6 +2849,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1925,122 +2878,63 @@ } }, "required": [ - "host" + "host", + "role" ], "type": "object" }, "type": "array" }, - "dockerSwarmSDConfigs": { - "description": "DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.", + "ec2SDConfigs": { + "description": "EC2SDConfigs defines a list of EC2 service discovery configurations.", "items": { - "description": "DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config", + "description": "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config\n\nThe EC2 service discovery requires AWS API keys or role ARN for authentication.\nBasicAuth, Authorization and OAuth2 fields are not present on purpose.", "properties": { - "authorization": { - "description": "Authorization header configuration to authenticate against the target HTTP endpoint.", + "accessKey": { + "description": "AccessKey is the AWS API key.", "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "Optional HTTP basic authentication information.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, "enableHTTP2": { - "description": "Whether to enable HTTP2.", + "description": "Whether to enable HTTP2.\nIt requires Prometheus >= v2.41.0", "type": "boolean" }, "filters": { - "description": "Optional filters to limit the discovery process to a subset of available\nresources.\nThe available filters are listed in the upstream documentation:\nServices: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList\nTasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList\nNodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList", + "description": "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html\nIt requires Prometheus >= v2.3.0", "items": { - "description": "Filter is the configuration to limit the discovery process to a subset of available resources.", + "description": "Filter name and value pairs to limit the discovery process to a subset of available resources.", "properties": { "name": { - "description": "Name is the key of the field to check against.", + "description": "Name of the Filter.", "type": "string" }, "values": { - "description": "Values is the value or set of values to check for a match.", + "description": "Value to filter on.", "items": { + "minLength": 1, "type": "string" }, "minItems": 1, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "set" } }, "required": [ @@ -2049,128 +2943,22 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\nIt requires Prometheus >= v2.41.0", "type": "boolean" }, - "host": { - "description": "Address of the Docker daemon", - "pattern": "^[a-zA-Z][a-zA-Z0-9+.-]*://.+$", - "type": "string" - }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "oauth2": { - "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, "port": { - "description": "The port to scrape metrics from, when `role` is nodes, and for discovered\ntasks and services that don't have published ports.", + "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", "format": "int32", "maximum": 65535, "minimum": 0, @@ -2187,7 +2975,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2203,35 +2991,59 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "The time after which the service discovery data is refreshed.", + "description": "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "role": { - "description": "Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`.", - "enum": [ - "Services", - "Tasks", - "Nodes" - ], + "region": { + "description": "The AWS region.", + "minLength": 1, + "type": "string" + }, + "roleARN": { + "description": "AWS Role ARN, an alternative to using AWS API keys.", + "minLength": 1, "type": "string" }, + "secretKey": { + "description": "SecretKey is the AWS API secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "tlsConfig": { - "description": "TLS configuration to use on every scrape request", + "description": "TLS configuration to connect to the AWS EC2 API.\nIt requires Prometheus >= v2.41.0", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -2245,7 +3057,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2268,7 +3080,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2297,7 +3109,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2320,7 +3132,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2350,7 +3162,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2364,112 +3176,32 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "host", - "role" - ], - "type": "object" - }, - "type": "array" - }, - "ec2SDConfigs": { - "description": "EC2SDConfigs defines a list of EC2 service discovery configurations.", - "items": { - "description": "EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.\nThe private IP address is used by default, but may be changed to the public IP address with relabeling.\nThe IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "filters": { - "description": "Filters can be used optionally to filter the instance list by other criteria.\nAvailable filter criteria can be found here:\nhttps://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\nFilter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html", - "items": { - "description": "EC2Filter is the configuration for filtering EC2 instances.", - "properties": { - "name": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "name", - "values" - ], - "type": "object" - }, - "type": "array" - }, - "port": { - "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", - "type": "integer" - }, - "refreshInterval": { - "description": "RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "region": { - "description": "The AWS region", - "type": "string" - }, - "roleARN": { - "description": "AWS Role ARN, an alternative to using AWS API keys.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" } }, "type": "object" @@ -2477,7 +3209,7 @@ "type": "array" }, "enableCompression": { - "description": "When false, Prometheus will request uncompressed response from the scraped target.\n\n\nIt requires Prometheus >= v2.49.0.\n\n\nIf unset, Prometheus uses true by default.", + "description": "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default.", "type": "boolean" }, "eurekaSDConfigs": { @@ -2497,7 +3229,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2512,7 +3244,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -2530,7 +3262,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2553,7 +3285,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2579,7 +3311,7 @@ "type": "boolean" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { @@ -2597,7 +3329,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2620,7 +3352,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2646,7 +3378,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2667,12 +3399,217 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", @@ -2698,7 +3635,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2714,16 +3651,16 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, @@ -2752,7 +3689,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2775,7 +3712,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2804,7 +3741,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2827,7 +3764,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2857,7 +3794,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2871,6 +3808,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2899,7 +3856,8 @@ "type": "string" }, "minItems": 1, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "set" }, "refreshInterval": { "description": "RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files.", @@ -2917,7 +3875,7 @@ "gceSDConfigs": { "description": "GCESDConfigs defines a list of GCE service discovery configurations.", "items": { - "description": "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//.", + "description": "GCESDConfig configures scrape targets from GCP GCE instances.\nThe private IP address is used by default, but may be changed to\nthe public IP address with relabeling.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config\n\nThe GCE service discovery will load the Google Cloud credentials\nfrom the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.\nSee https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform\n\nA pre-requisite for using GCESDConfig is that a Secret containing valid\nGoogle Cloud credentials is mounted into the Prometheus or PrometheusAgent\npod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS\nenvironment variable is set to /etc/prometheus/secrets//.", "properties": { "filter": { "description": "Filter can be used optionally to filter the instance list by other criteria\nSyntax of this filter is described in the filter query parameter section:\nhttps://cloud.google.com/compute/docs/reference/latest/instances/list", @@ -2972,7 +3930,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2987,7 +3945,7 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -3005,7 +3963,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3028,7 +3986,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3054,7 +4012,7 @@ "type": "boolean" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { @@ -3072,7 +4030,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3095,7 +4053,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3121,7 +4079,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3142,6 +4100,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -3149,6 +4151,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -3177,7 +4340,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3193,16 +4356,16 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, @@ -3236,7 +4399,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3259,7 +4422,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3288,7 +4451,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3311,7 +4474,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3341,7 +4504,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3355,6 +4518,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -3384,7 +4567,7 @@ "description": "HTTPSDConfig defines a prometheus HTTP service discovery configuration\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config", "properties": { "authorization": { - "description": "Authorization header configuration to authenticate against the target HTTP endpoint.", + "description": "Authorization header configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `oAuth2`, or `basicAuth`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -3395,7 +4578,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3410,14 +4593,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints", + "description": "BasicAuth information to authenticate against the target HTTP endpoint.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oAuth2`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -3428,7 +4611,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3451,7 +4634,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3468,60 +4651,23 @@ }, "type": "object" }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "enableHTTP2": { + "description": "Whether to enable HTTP2.", "type": "boolean" }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", - "pattern": "^http(s)?://.+$", - "type": "string" + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "type": "boolean" }, - "refreshInterval": { - "description": "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "tlsConfig": { - "description": "TLS configuration applying to the target HTTP endpoint.", + "oauth2": { + "description": "Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3532,7 +4678,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3555,7 +4701,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3572,34 +4718,44 @@ }, "type": "object" }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -3607,7 +4763,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3620,125 +4776,207 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" - } + }, + "type": "array" }, - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", + "insecureSkipVerify": { + "description": "Disable target certificate validation.", "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "url": { - "description": "URL from which the targets are fetched.", - "minLength": 1, - "pattern": "^http(s)?://.+$", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" - }, - "jobName": { - "description": "The value of the `job` label assigned to the scraped metrics by default.\n\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs.", - "minLength": 1, - "type": "string" - }, - "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.", - "format": "int64", - "type": "integer" - }, - "kubernetesSDConfigs": { - "description": "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.", - "items": { - "description": "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config", - "properties": { - "apiServer": { - "description": "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", - "type": "string" - }, - "attachMetadata": { - "description": "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 for `pod` role and\nPrometheus >= v2.37.0 for `endpoints` and `endpointslice` roles.", - "properties": { - "node": { - "description": "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles.", - "type": "boolean" - } - }, - "type": "object" - }, - "authorization": { - "description": "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, "type": "string" } }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], "type": "object" }, - "basicAuth": { - "description": "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -3746,7 +4984,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3760,66 +4998,31 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "array" }, - "type": "object" - }, - "enableHTTP2": { - "description": "Whether to enable HTTP2.", - "type": "boolean" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, - "namespaces": { - "description": "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.", - "properties": { - "names": { - "description": "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ownNamespace": { - "description": "Includes the namespace in which the Prometheus pod exists to the list of watched namesapces.", - "type": "boolean" - } - }, - "type": "object" + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "refreshInterval": { + "description": "RefreshInterval configures the refresh interval at which Prometheus will re-query the\nendpoint to update the target list.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "oauth2": { - "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "tlsConfig": { + "description": "TLS configuration applying to the target HTTP endpoint.", "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3830,7 +5033,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3853,7 +5056,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3870,56 +5073,188 @@ }, "type": "object" }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "url": { + "description": "URL from which the targets are fetched.", + "minLength": 1, + "pattern": "^http(s)?://.+$", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "type": "array" + }, + "ionosSDConfigs": { + "description": "IonosSDConfigs defines a list of IONOS service discovery configurations.", + "items": { + "description": "IonosSDConfig configurations allow retrieving scrape targets from IONOS resources.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config", + "properties": { + "authorization": { + "description": "Authorization` header configuration, required when using IONOS.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], "type": "object" }, + "datacenterID": { + "description": "The unique ID of the IONOS data center.", + "minLength": 1, + "type": "string" + }, + "enableHTTP2": { + "description": "Configure whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether the HTTP requests should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "port": { + "description": "Port to scrape the metrics from.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "proxyConnectHeader": { "additionalProperties": { "items": { @@ -3931,7 +5266,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3947,80 +5282,26 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, - "role": { - "description": "Role of the Kubernetes entities that should be discovered.", - "enum": [ - "Node", - "node", - "Service", - "service", - "Pod", - "pod", - "Endpoints", - "endpoints", - "EndpointSlice", - "endpointslice", - "Ingress", - "ingress" - ], + "refreshInterval": { + "description": "Refresh interval to re-read the list of resources.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "selectors": { - "description": "Selector to select objects.", - "items": { - "description": "K8SSelectorConfig is Kubernetes Selector Config", - "properties": { - "field": { - "type": "string" - }, - "label": { - "type": "string" - }, - "role": { - "description": "Role is role of the service in Kubernetes.", - "enum": [ - "Node", - "node", - "Service", - "service", - "Pod", - "pod", - "Endpoints", - "endpoints", - "EndpointSlice", - "endpointslice", - "Ingress", - "ingress" - ], - "type": "string" - } - }, - "required": [ - "role" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "role" - ], - "x-kubernetes-list-type": "map" - }, "tlsConfig": { - "description": "TLS configuration to use on every scrape request.", + "description": "TLS configuration to use when connecting to the IONOS API.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -4034,7 +5315,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4057,7 +5338,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4086,7 +5367,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4109,7 +5390,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4139,7 +5420,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4153,6 +5434,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4162,19 +5463,45 @@ } }, "required": [ - "role" + "authorization", + "datacenterID" ], "type": "object" }, "type": "array" }, - "kumaSDConfigs": { - "description": "KumaSDConfigs defines a list of Kuma service discovery configurations.", + "jobName": { + "description": "The value of the `job` label assigned to the scraped metrics by default.\n\nThe `job_name` field in the rendered scrape configuration is always controlled by the\noperator to prevent duplicate job names, which Prometheus does not allow. Instead the\n`job` label is set by means of relabeling configs.", + "minLength": 1, + "type": "string" + }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" + }, + "kubernetesSDConfigs": { + "description": "KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.", "items": { - "description": "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config", + "description": "KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config", "properties": { + "apiServer": { + "description": "The API server address consisting of a hostname or IP address followed\nby an optional port number.\nIf left empty, Prometheus is assumed to run inside\nof the cluster. It will discover API servers automatically and use the pod's\nCA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", + "minLength": 1, + "type": "string" + }, + "attachMetadata": { + "description": "Optional metadata to attach to discovered targets.\nIt requires Prometheus >= v2.35.0 when using the `Pod` role and\nPrometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles.", + "properties": { + "node": { + "description": "Attaches node metadata to discovered targets.\nWhen set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.\nOnly valid for Pod, Endpoint and Endpointslice roles.", + "type": "boolean" + } + }, + "type": "object" + }, "authorization": { - "description": "Authorization header to use on every scrape request.", + "description": "Authorization header to use on every scrape request.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -4185,7 +5512,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4200,14 +5527,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth information to use on every scrape request.", + "description": "BasicAuth information to use on every scrape request.\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -4218,7 +5545,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4241,7 +5568,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4258,25 +5585,34 @@ }, "type": "object" }, - "clientID": { - "description": "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend.", - "type": "string" - }, "enableHTTP2": { "description": "Whether to enable HTTP2.", "type": "boolean" }, - "fetchTimeout": { - "description": "The time after which the monitoring assignments are refreshed.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, "followRedirects": { "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "namespaces": { + "description": "Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.", + "properties": { + "names": { + "description": "List of namespaces where to watch for resources.\nIf empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "ownNamespace": { + "description": "Includes the namespace in which the Prometheus pod runs to the list of watched namespaces.", + "type": "boolean" + } + }, + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { @@ -4294,7 +5630,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4317,7 +5653,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4343,7 +5679,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4364,6 +5700,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -4371,6 +5751,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -4395,7 +5936,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4411,31 +5952,72 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, - "refreshInterval": { - "description": "The time to wait between polling update requests.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "role": { + "description": "Role of the Kubernetes entities that should be discovered.\nRole `Endpointslice` requires Prometheus >= v2.21.0", + "enum": [ + "Pod", + "Endpoints", + "Ingress", + "Service", + "Node", + "EndpointSlice" + ], "type": "string" }, - "server": { - "description": "Address of the Kuma Control Plane's MADS xDS server.", - "minLength": 1, - "type": "string" + "selectors": { + "description": "Selector to select objects.\nIt requires Prometheus >= v2.17.0", + "items": { + "description": "K8SSelectorConfig is Kubernetes Selector Config", + "properties": { + "field": { + "description": "An optional field selector to limit the service discovery to resources which have fields with specific values.\ne.g: `metadata.name=foobar`", + "minLength": 1, + "type": "string" + }, + "label": { + "description": "An optional label selector to limit the service discovery to resources with specific labels and label values.\ne.g: `node.kubernetes.io/instance-type=master`", + "minLength": 1, + "type": "string" + }, + "role": { + "description": "Role specifies the type of Kubernetes resource to limit the service discovery to.\nAccepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress.", + "enum": [ + "Pod", + "Endpoints", + "Ingress", + "Service", + "Node", + "EndpointSlice" + ], + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "role" + ], + "x-kubernetes-list-type": "map" }, "tlsConfig": { - "description": "TLS configuration to use on every scrape request", + "description": "TLS configuration to connect to the Kubernetes API.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -4449,7 +6031,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4472,7 +6054,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4501,7 +6083,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4524,7 +6106,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4554,7 +6136,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4568,6 +6150,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4577,57 +6179,19 @@ } }, "required": [ - "server" + "role" ], "type": "object" }, "type": "array" }, - "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "lightSailSDConfigs": { - "description": "LightsailSDConfigs defines a list of Lightsail service discovery configurations.", + "kumaSDConfigs": { + "description": "KumaSDConfigs defines a list of Kuma service discovery configurations.", "items": { - "description": "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config\nTODO: Need to document that we will not be supporting the `_file` fields.", + "description": "KumaSDConfig allow retrieving scrape targets from Kuma's control plane.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config", "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, "authorization": { - "description": "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "Authorization header to use on every scrape request.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -4638,7 +6202,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4653,14 +6217,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "BasicAuth information to use on every scrape request.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -4671,7 +6235,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4694,7 +6258,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4711,25 +6275,29 @@ }, "type": "object" }, + "clientID": { + "description": "Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend.", + "type": "string" + }, "enableHTTP2": { - "description": "Configure whether to enable HTTP2.", + "description": "Whether to enable HTTP2.", "type": "boolean" }, - "endpoint": { - "description": "Custom endpoint to be used.", - "minLength": 1, + "fetchTimeout": { + "description": "The time after which the monitoring assignments are refreshed.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "followRedirects": { - "description": "Configure whether the HTTP requests should follow HTTP 3xx redirects.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`.", + "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -4743,7 +6311,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4766,7 +6334,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4792,7 +6360,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4813,6 +6381,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -4820,25 +6432,179 @@ }, "type": "array" }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "port": { - "description": "Port to scrape the metrics from.\nIf using the public IP address, this must instead be specified in the relabeling rule.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" }, "proxyConnectHeader": { "additionalProperties": { @@ -4851,7 +6617,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4867,58 +6633,31 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Refresh interval to re-read the list of instances.", + "description": "The time to wait between polling update requests.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "region": { - "description": "The AWS region.", + "server": { + "description": "Address of the Kuma Control Plane's MADS xDS server.", "minLength": 1, "type": "string" }, - "roleARN": { - "description": "AWS Role ARN, an alternative to using AWS API keys.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, "tlsConfig": { - "description": "TLS configuration to connect to the Puppet DB.", + "description": "TLS configuration to use on every scrape request", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -4932,7 +6671,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4955,7 +6694,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4984,7 +6723,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5007,7 +6746,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5037,7 +6776,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5051,6 +6790,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5059,17 +6818,58 @@ "type": "object" } }, + "required": [ + "server" + ], "type": "object" }, "type": "array" }, - "linodeSDConfigs": { - "description": "LinodeSDConfigs defines a list of Linode service discovery configurations.", + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "lightSailSDConfigs": { + "description": "LightsailSDConfigs defines a list of Lightsail service discovery configurations.", "items": { - "description": "LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config", + "description": "LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config", "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "authorization": { - "description": "Authorization header configuration.", + "description": "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -5080,7 +6880,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5095,26 +6895,83 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, + "basicAuth": { + "description": "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, "enableHTTP2": { - "description": "Whether to enable HTTP2.", + "description": "Configure whether to enable HTTP2.", "type": "boolean" }, + "endpoint": { + "description": "Custom endpoint to be used.", + "minLength": 1, + "type": "string" + }, "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "description": "Configure whether the HTTP requests should follow HTTP 3xx redirects.", "type": "boolean" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, "oauth2": { - "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`.", + "description": "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -5128,7 +6985,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5151,7 +7008,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5177,7 +7034,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5198,6 +7055,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -5205,21 +7106,182 @@ }, "type": "array" }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, "port": { - "description": "Default port to scrape metrics from.", + "description": "Port to scrape the metrics from.\nIf using the public IP address, this must instead be specified in the relabeling rule.", "format": "int32", "maximum": 65535, "minimum": 0, @@ -5236,7 +7298,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5252,36 +7314,58 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Time after which the linode instances are refreshed.", + "description": "Refresh interval to re-read the list of instances.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "region": { - "description": "Optional region to filter on.", + "description": "The AWS region.", "minLength": 1, "type": "string" }, - "tagSeparator": { - "description": "The string by which Linode Instance tags are joined into the tag label.", - "minLength": 1, + "roleARN": { + "description": "AWS Role ARN, an alternative to using AWS API keys.", "type": "string" }, + "secretKey": { + "description": "SecretKey is the AWS API secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "tlsConfig": { - "description": "TLS configuration applying to the target HTTP endpoint.", + "description": "TLS configuration to connect to the Puppet DB.", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -5295,7 +7379,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5318,7 +7402,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5347,7 +7431,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5370,7 +7454,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5400,7 +7484,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5414,6 +7498,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -5426,200 +7530,426 @@ }, "type": "array" }, - "metricRelabelings": { - "description": "MetricRelabelConfigs to apply to samples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "metricsPath": { - "description": "MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).", - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", - "type": "string" - }, - "openstackSDConfigs": { - "description": "OpenStackSDConfigs defines a list of OpenStack service discovery configurations.", + "linodeSDConfigs": { + "description": "LinodeSDConfigs defines a list of Linode service discovery configurations.", "items": { - "description": "OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config", + "description": "LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config", "properties": { - "allTenants": { - "description": "Whether the service discovery should list all instances for all projects.\nIt is only relevant for the 'instance' role and usually requires admin permissions.", - "type": "boolean" - }, - "applicationCredentialId": { - "description": "ApplicationCredentialID", - "type": "string" - }, - "applicationCredentialName": { - "description": "The ApplicationCredentialID or ApplicationCredentialName fields are\nrequired if using an application credential to authenticate. Some providers\nallow you to create an application credential to authenticate rather than a\npassword.", - "type": "string" - }, - "applicationCredentialSecret": { - "description": "The applicationCredentialSecret field is required if using an application\ncredential to authenticate.", + "authorization": { + "description": "Authorization header configuration.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "availability": { - "description": "Availability of the endpoint to connect to.", - "enum": [ - "Public", - "public", - "Admin", - "admin", - "Internal", - "internal" - ], - "type": "string" + "type": "object" }, - "domainID": { - "description": "DomainID", - "type": "string" + "enableHTTP2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" }, - "domainName": { - "description": "At most one of domainId and domainName must be provided if using username\nwith Identity V3. Otherwise, either are optional.", - "type": "string" + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "type": "boolean" }, - "identityEndpoint": { - "description": "IdentityEndpoint specifies the HTTP endpoint that is required to work with\nthe Identity API of the appropriate version.", + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "password": { - "description": "Password for the Identity V2 and V3 APIs. Consult with your provider's\ncontrol panel to discover your account's preferred method of authentication.", + "oauth2": { + "description": "Optional OAuth 2.0 configuration.\nCannot be used at the same time as `authorization`.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" } }, "required": [ - "key" + "clientId", + "clientSecret", + "tokenUrl" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, "port": { - "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", + "description": "Default port to scrape metrics from.", + "format": "int32", + "maximum": 65535, + "minimum": 0, "type": "integer" }, - "projectID": { - "description": " ProjectID", - "type": "string" + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "projectName": { - "description": "The ProjectId and ProjectName fields are optional for the Identity V2 API.\nSome providers allow you to specify a ProjectName instead of the ProjectId.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication.", + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", "type": "string" }, "refreshInterval": { - "description": "Refresh interval to re-read the instance list.", + "description": "Time after which the linode instances are refreshed.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "region": { - "description": "The OpenStack Region.", + "description": "Optional region to filter on.", "minLength": 1, "type": "string" }, - "role": { - "description": "The OpenStack role of entities that should be discovered.", - "enum": [ - "Instance", - "instance", - "Hypervisor", - "hypervisor" - ], + "tagSeparator": { + "description": "The string by which Linode Instance tags are joined into the tag label.", + "minLength": 1, "type": "string" }, "tlsConfig": { @@ -5637,7 +7967,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5660,7 +7990,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5689,7 +8019,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5712,7 +8042,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5742,7 +8072,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5756,183 +8086,146 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" } }, "type": "object" - }, - "userid": { - "description": "UserID", - "type": "string" - }, - "username": { - "description": "Username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username.\nIn Identity V3, either userid or a combination of username\nand domainId or domainName are needed", - "type": "string" } }, - "required": [ - "region", - "role" - ], "type": "object" }, "type": "array" }, - "ovhcloudSDConfigs": { - "description": "OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations.", + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", "items": { - "description": "OVHCloudSDConfig configurations allow retrieving scrape targets from OVHcloud's dedicated servers and VPS using their API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ovhcloud_sd_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "applicationKey": { - "description": "Access key to use. https://api.ovh.com.", - "minLength": 1, + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], "type": "string" }, - "applicationSecret": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" }, - "consumerKey": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" }, - "endpoint": { - "description": "Custom endpoint to be used.", - "minLength": 1, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, - "refreshInterval": { - "description": "Refresh interval to re-read the resources list.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, - "service": { - "allOf": [ - { - "enum": [ - "VPS", - "DedicatedServer" - ] - }, - { - "enum": [ - "VPS", - "DedicatedServer" - ] - } - ], - "description": "Service of the targets to retrieve. Must be `VPS` or `DedicatedServer`.", + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, - "required": [ - "applicationKey", - "applicationSecret", - "consumerKey", - "service" - ], "type": "object" }, + "minItems": 1, "type": "array" }, - "params": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Optional HTTP URL parameters", - "type": "object", - "x-kubernetes-map-type": "atomic" + "metricsPath": { + "description": "MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).", + "minLength": 1, + "type": "string" }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", - "type": "boolean" + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", - "pattern": "^http(s)?://.+$", + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "puppetDBSDConfigs": { - "description": "PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations.", + "nomadSDConfigs": { + "description": "NomadSDConfigs defines a list of Nomad service discovery configurations.", "items": { - "description": "PuppetDBSDConfig configurations allow retrieving scrape targets from PuppetDB resources.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#puppetdb_sd_config", + "description": "NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config", "properties": { + "allowStale": { + "description": "The information to access the Nomad API. It is to be defined\nas the Nomad documentation requires.", + "type": "boolean" + }, "authorization": { - "description": "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "Authorization header to use on every scrape request.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -5943,7 +8236,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5958,14 +8251,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "BasicAuth information to use on every scrape request.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -5976,7 +8269,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5999,7 +8292,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6017,133 +8310,2075 @@ "type": "object" }, "enableHTTP2": { - "description": "Configure whether to enable HTTP2.", + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "oauth2": { + "description": "Optional OAuth 2.0 configuration.\nCannot be set at the same time as `authorization` or `basic_auth`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "refreshInterval": { + "description": "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "region": { + "type": "string" + }, + "server": { + "minLength": 1, + "type": "string" + }, + "tagSeparator": { + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration applying to the target HTTP endpoint.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "server" + ], + "type": "object" + }, + "type": "array" + }, + "oauth2": { + "description": "OAuth2 configuration to use on every scrape request.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "openstackSDConfigs": { + "description": "OpenStackSDConfigs defines a list of OpenStack service discovery configurations.", + "items": { + "description": "OpenStackSDConfig allow retrieving scrape targets from OpenStack Nova instances.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#openstack_sd_config", + "properties": { + "allTenants": { + "description": "Whether the service discovery should list all instances for all projects.\nIt is only relevant for the 'instance' role and usually requires admin permissions.", + "type": "boolean" + }, + "applicationCredentialId": { + "description": "ApplicationCredentialID", + "type": "string" + }, + "applicationCredentialName": { + "description": "The ApplicationCredentialID or ApplicationCredentialName fields are\nrequired if using an application credential to authenticate. Some providers\nallow you to create an application credential to authenticate rather than a\npassword.", + "type": "string" + }, + "applicationCredentialSecret": { + "description": "The applicationCredentialSecret field is required if using an application\ncredential to authenticate.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "availability": { + "description": "Availability of the endpoint to connect to.", + "enum": [ + "Public", + "public", + "Admin", + "admin", + "Internal", + "internal" + ], + "type": "string" + }, + "domainID": { + "description": "DomainID", + "type": "string" + }, + "domainName": { + "description": "At most one of domainId and domainName must be provided if using username\nwith Identity V3. Otherwise, either are optional.", + "type": "string" + }, + "identityEndpoint": { + "description": "IdentityEndpoint specifies the HTTP endpoint that is required to work with\nthe Identity API of the appropriate version.", + "type": "string" + }, + "password": { + "description": "Password for the Identity V2 and V3 APIs. Consult with your provider's\ncontrol panel to discover your account's preferred method of authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "port": { + "description": "The port to scrape metrics from. If using the public IP address, this must\ninstead be specified in the relabeling rule.", + "type": "integer" + }, + "projectID": { + "description": " ProjectID", + "type": "string" + }, + "projectName": { + "description": "The ProjectId and ProjectName fields are optional for the Identity V2 API.\nSome providers allow you to specify a ProjectName instead of the ProjectId.\nSome require both. Your provider's authentication policies will determine\nhow these fields influence authentication.", + "type": "string" + }, + "refreshInterval": { + "description": "Refresh interval to re-read the instance list.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "region": { + "description": "The OpenStack Region.", + "minLength": 1, + "type": "string" + }, + "role": { + "description": "The OpenStack role of entities that should be discovered.", + "enum": [ + "Instance", + "instance", + "Hypervisor", + "hypervisor" + ], + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration applying to the target HTTP endpoint.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "userid": { + "description": "UserID", + "type": "string" + }, + "username": { + "description": "Username is required if using Identity V2 API. Consult with your provider's\ncontrol panel to discover your account's username.\nIn Identity V3, either userid or a combination of username\nand domainId or domainName are needed", + "type": "string" + } + }, + "required": [ + "region", + "role" + ], + "type": "object" + }, + "type": "array" + }, + "ovhcloudSDConfigs": { + "description": "OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations.", + "items": { + "description": "OVHCloudSDConfig configurations allow retrieving scrape targets from OVHcloud's dedicated servers and VPS using their API.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ovhcloud_sd_config", + "properties": { + "applicationKey": { + "description": "Access key to use. https://api.ovh.com.", + "minLength": 1, + "type": "string" + }, + "applicationSecret": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "consumerKey": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpoint": { + "description": "Custom endpoint to be used.", + "minLength": 1, + "type": "string" + }, + "refreshInterval": { + "description": "Refresh interval to re-read the resources list.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "service": { + "allOf": [ + { + "enum": [ + "VPS", + "DedicatedServer" + ] + }, + { + "enum": [ + "VPS", + "DedicatedServer" + ] + } + ], + "description": "Service of the targets to retrieve. Must be `VPS` or `DedicatedServer`.", + "type": "string" + } + }, + "required": [ + "applicationKey", + "applicationSecret", + "consumerKey", + "service" + ], + "type": "object" + }, + "type": "array" + }, + "params": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "Optional HTTP URL parameters", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "puppetDBSDConfigs": { + "description": "PuppetDBSDConfigs defines a list of PuppetDB service discovery configurations.", + "items": { + "description": "PuppetDBSDConfig configurations allow retrieving scrape targets from PuppetDB resources.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#puppetdb_sd_config", + "properties": { + "authorization": { + "description": "Optional `authorization` HTTP header configuration.\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "Optional HTTP basic authentication information.\nCannot be set at the same time as `authorization`, or `oauth2`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "enableHTTP2": { + "description": "Configure whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether the HTTP requests should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "includeParameters": { + "description": "Whether to include the parameters as meta labels.\nNote: Enabling this exposes parameters in the Prometheus UI and API. Make sure\nthat you don't have secrets exposed as parameters if you enable this.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "oauth2": { + "description": "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "port": { + "description": "Port to scrape the metrics from.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "query": { + "description": "Puppet Query Language (PQL) query. Only resources are supported.\nhttps://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html", + "minLength": 1, + "type": "string" + }, + "refreshInterval": { + "description": "Refresh interval to re-read the list of resources.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration to connect to the Puppet DB.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "url": { + "description": "The URL of the PuppetDB root query endpoint.", + "minLength": 1, + "pattern": "^http(s)?://.+$", + "type": "string" + } + }, + "required": [ + "query", + "url" + ], + "type": "object" + }, + "type": "array" + }, + "relabelings": { + "description": "RelabelConfigs defines how to rewrite the target's labels before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "scalewaySDConfigs": { + "description": "ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations.", + "items": { + "description": "ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services.\nSee https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config", + "properties": { + "accessKey": { + "description": "Access key to use. https://console.scaleway.com/project/credentials", + "minLength": 1, + "type": "string" + }, + "apiURL": { + "description": "API URL to use when doing the server listing requests.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, + "enableHTTP2": { + "description": "Whether to enable HTTP2.", "type": "boolean" }, "followRedirects": { - "description": "Configure whether the HTTP requests should follow HTTP 3xx redirects.", + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.", "type": "boolean" }, - "includeParameters": { - "description": "Whether to include the parameters as meta labels.\nNote: Enabling this exposes parameters in the Prometheus UI and API. Make sure\nthat you don't have secrets exposed as parameters if you enable this.", - "type": "boolean" + "nameFilter": { + "description": "NameFilter specify a name filter (works as a LIKE) to apply on the server listing request.", + "minLength": 1, + "type": "string" }, "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "string" }, - "oauth2": { - "description": "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, "port": { - "description": "Port to scrape the metrics from.", + "description": "The port to scrape metrics from.", "format": "int32", "maximum": 65535, "minimum": 0, "type": "integer" }, + "projectID": { + "description": "Project ID of the targets.", + "minLength": 1, + "type": "string" + }, "proxyConnectHeader": { "additionalProperties": { "items": { @@ -6155,7 +10390,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6171,31 +10406,67 @@ }, "type": "array" }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", "type": "boolean" }, "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0.", + "description": "`proxyURL` defines the HTTP proxy server to use.", "pattern": "^http(s)?://.+$", "type": "string" }, - "query": { - "description": "Puppet Query Language (PQL) query. Only resources are supported.\nhttps://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html", - "minLength": 1, - "type": "string" - }, "refreshInterval": { - "description": "Refresh interval to re-read the list of resources.", + "description": "Refresh interval to re-read the list of instances.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, + "role": { + "description": "Service of the targets to retrieve. Must be `Instance` or `Baremetal`.", + "enum": [ + "Instance", + "Baremetal" + ], + "type": "string" + }, + "secretKey": { + "description": "Secret key to use when listing targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tagsFilter": { + "description": "TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "tlsConfig": { - "description": "TLS configuration to connect to the Puppet DB.", + "description": "TLS configuration to use on every scrape request", "properties": { "ca": { "description": "Certificate authority used when verifying server certificates.", @@ -6209,7 +10480,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6232,7 +10503,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6261,7 +10532,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6284,7 +10555,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6314,7 +10585,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6328,6 +10599,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -6335,95 +10626,22 @@ }, "type": "object" }, - "url": { - "description": "The URL of the PuppetDB root query endpoint.", + "zone": { + "description": "Zone is the availability zone of your targets (e.g. fr-par-1).", "minLength": 1, - "pattern": "^http(s)?://.+$", "type": "string" } }, "required": [ - "query", - "url" + "accessKey", + "projectID", + "role", + "secretKey" ], "type": "object" }, "type": "array" }, - "relabelings": { - "description": "RelabelConfigs defines how to rewrite the target's labels before scraping.\nPrometheus Operator automatically adds relabelings for a few standard Kubernetes fields.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", - "format": "int64", - "type": "integer" - }, "scheme": { "description": "Configures the protocol scheme used for requests.\nIf empty, Prometheus uses HTTP by default.", "enum": [ @@ -6437,13 +10655,17 @@ "minLength": 1, "type": "string" }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, "scrapeInterval": { "description": "ScrapeInterval is the interval between consecutive scrapes.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "scrapeProtocols": { - "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -6454,6 +10676,7 @@ ], "type": "string" }, + "minItems": 1, "type": "array", "x-kubernetes-list-type": "set" }, @@ -6478,12 +10701,17 @@ "targets": { "description": "List of targets for this static configuration.", "items": { - "description": "Target represents a target for Prometheus to scrape", + "description": "Target represents a target for Prometheus to scrape\nkubebuilder:validation:MinLength:=1", "type": "string" }, - "type": "array" + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" } }, + "required": [ + "targets" + ], "type": "object" }, "type": "array" @@ -6508,7 +10736,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6531,7 +10759,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6560,7 +10788,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6583,7 +10811,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6613,7 +10841,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6627,6 +10855,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" diff --git a/jsonnet/prometheus-operator/servicemonitors-crd.json b/jsonnet/prometheus-operator/servicemonitors-crd.json index 64e774386b2..4d81a25ddf9 100644 --- a/jsonnet/prometheus-operator/servicemonitors-crd.json +++ b/jsonnet/prometheus-operator/servicemonitors-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "servicemonitors.monitoring.coreos.com" }, @@ -28,7 +28,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "ServiceMonitor defines monitoring for a set of services.", + "description": "The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.\nAmong other things, it allows to specify:\n* The services to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -45,27 +45,27 @@ "description": "Specification of desired Service selection for target discovery by\nPrometheus.", "properties": { "attachMetadata": { - "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\n\nIt requires Prometheus >= v2.37.0.", + "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.37.0.", "properties": { "node": { - "description": "When set to true, Prometheus must have the `get` permission on the\n`Nodes` objects.", + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", "type": "boolean" } }, "type": "object" }, "bodySizeLimit": { - "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\n\nIt requires Prometheus >= v2.28.0.", + "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, "endpoints": { - "description": "List of endpoints part of this ServiceMonitor.", + "description": "List of endpoints part of this ServiceMonitor.\nDefines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects.\nIn most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.", "items": { "description": "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", "properties": { "authorization": { - "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", @@ -76,7 +76,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -91,14 +91,14 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { "password": { "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", @@ -109,7 +109,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -132,7 +132,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -150,11 +150,11 @@ "type": "object" }, "bearerTokenFile": { - "description": "File to read bearer token for scraping the target.\n\n\nDeprecated: use `authorization` instead.", + "description": "File to read bearer token for scraping the target.\n\nDeprecated: use `authorization` instead.", "type": "string" }, "bearerTokenSecret": { - "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead.", + "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -162,7 +162,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -181,7 +181,7 @@ "type": "boolean" }, "filterRunning": { - "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", "type": "boolean" }, "followRedirects": { @@ -197,18 +197,18 @@ "type": "boolean" }, "interval": { - "description": "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval.", + "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "metricRelabelings": { "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -236,7 +236,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -245,7 +245,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -262,7 +262,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -271,7 +271,7 @@ "type": "array" }, "oauth2": { - "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -285,7 +285,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -308,7 +308,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -334,7 +334,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -355,6 +355,50 @@ "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^http(s)?://.+$", + "type": "string" + }, "scopes": { "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { @@ -362,6 +406,167 @@ }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, @@ -386,11 +591,11 @@ "type": "object" }, "path": { - "description": "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", + "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", "type": "string" }, "port": { - "description": "Name of the Service port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`.", + "description": "Name of the Service port which this endpoint refers to.\n\nIt takes precedence over `targetPort`.", "type": "string" }, "proxyUrl": { @@ -398,13 +603,13 @@ "type": "string" }, "relabelings": { - "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -432,7 +637,7 @@ "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, @@ -441,7 +646,7 @@ "type": "string" }, "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available.", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { @@ -458,7 +663,7 @@ "type": "array" }, "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -467,7 +672,7 @@ "type": "array" }, "scheme": { - "description": "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`.", + "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", "enum": [ "http", "https" @@ -475,7 +680,7 @@ "type": "string" }, "scrapeTimeout": { - "description": "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.", + "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -506,7 +711,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -529,7 +734,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -562,7 +767,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -585,7 +790,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -623,7 +828,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -637,6 +842,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -645,7 +870,7 @@ "type": "object" }, "trackTimestampsStaleness": { - "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0.", + "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", "type": "boolean" } }, @@ -654,31 +879,31 @@ "type": "array" }, "jobLabel": { - "description": "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`.", + "description": "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`.", "type": "string" }, "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.", + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", "format": "int64", "type": "integer" }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "namespaceSelector": { - "description": "Selector to select which namespaces the Kubernetes `Endpoints` objects\nare discovered from.", + "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the services.\nBy default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces.", "properties": { "any": { "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", @@ -694,6 +919,24 @@ }, "type": "object" }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, "podTargetLabels": { "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", "items": { @@ -711,8 +954,12 @@ "minLength": 1, "type": "string" }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0.", + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", "items": { "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`", "enum": [ @@ -727,7 +974,7 @@ "x-kubernetes-list-type": "set" }, "selector": { - "description": "Label selector to select the Kubernetes `Endpoints` objects.", + "description": "Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", diff --git a/jsonnet/prometheus-operator/thanosrulers-crd.json b/jsonnet/prometheus-operator/thanosrulers-crd.json index 07e45746e90..ed1b78b429a 100644 --- a/jsonnet/prometheus-operator/thanosrulers-crd.json +++ b/jsonnet/prometheus-operator/thanosrulers-crd.json @@ -3,8 +3,8 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.15.0", - "operator.prometheus.io/version": "0.75.2" + "controller-gen.kubebuilder.io/version": "v0.16.4", + "operator.prometheus.io/version": "0.78.2" }, "name": "thanosrulers.monitoring.coreos.com" }, @@ -70,7 +70,7 @@ "name": "v1", "schema": { "openAPIV3Schema": { - "description": "ThanosRuler defines a ThanosRuler deployment.", + "description": "The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.\n\nA `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).\n\nThe resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -347,7 +347,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -355,7 +355,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -491,7 +491,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -499,7 +499,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -632,7 +632,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -640,7 +640,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -776,7 +776,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -784,7 +784,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -887,7 +887,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -910,7 +910,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -977,7 +977,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1049,7 +1049,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1088,7 +1088,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1108,7 +1108,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1400,7 +1400,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1594,7 +1595,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1739,13 +1741,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -1851,7 +1857,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -1902,7 +1908,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -1967,7 +1973,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2153,7 +2160,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -2189,6 +2196,66 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enforcedNamespaceLabel": { "description": "EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert\nand metric that is user created. The label value will always be the namespace of the object that is\nbeing created.", "type": "string" @@ -2260,7 +2327,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2283,7 +2350,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2316,7 +2383,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2339,7 +2406,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2377,7 +2444,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2391,6 +2458,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2448,7 +2535,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -2503,7 +2590,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2575,7 +2662,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2614,7 +2701,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2634,7 +2721,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2926,7 +3013,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3120,7 +3208,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3265,13 +3354,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -3377,7 +3470,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -3428,7 +3521,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3493,7 +3586,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3679,7 +3773,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -3767,7 +3861,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3790,7 +3884,7 @@ "type": "boolean" }, "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\".", + "description": "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\".", "properties": { "annotations": { "additionalProperties": { @@ -3853,7 +3947,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3883,13 +3977,17 @@ "description": "Resources defines the resource requirements for single Pods.\nIf not provided, no requests/limits will be set", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -4059,7 +4157,7 @@ "type": "object" }, "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, @@ -4111,7 +4209,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -4121,7 +4219,7 @@ "type": "object" }, "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "format": "int64", "type": "integer" @@ -4129,6 +4227,10 @@ "type": "array", "x-kubernetes-list-type": "atomic" }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, "sysctls": { "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { @@ -4215,7 +4317,7 @@ "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -4369,7 +4471,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -4575,7 +4677,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -4605,7 +4707,7 @@ "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", "type": "string" }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "x-kubernetes-map-type": "granular" }, @@ -4622,7 +4724,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, "capacity": { @@ -4668,7 +4770,7 @@ "type": "string" }, "type": { - "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", + "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", "type": "string" } }, @@ -4685,11 +4787,11 @@ "x-kubernetes-list-type": "map" }, "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { "status": { "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", @@ -4800,7 +4902,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "items": { "type": "string" }, @@ -4813,16 +4915,16 @@ "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", "format": "int32", "type": "integer" }, "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { @@ -4844,7 +4946,7 @@ "type": "array" }, "tracingConfig": { - "description": "TracingConfig configures tracing in Thanos.\n\n\n`tracingConfigFile` takes precedence over this field.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "TracingConfig configures tracing in Thanos.\n\n`tracingConfigFile` takes precedence over this field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -4852,7 +4954,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4867,7 +4969,7 @@ "x-kubernetes-map-type": "atomic" }, "tracingConfigFile": { - "description": "TracingConfig specifies the path of the tracing configuration file.\n\n\nThis field takes precedence over `tracingConfig`.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "description": "TracingConfig specifies the path of the tracing configuration file.\n\nThis field takes precedence over `tracingConfig`.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "type": "string" }, "version": { @@ -4896,7 +4998,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -4925,7 +5027,7 @@ "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { @@ -4963,6 +5065,7 @@ "type": "string" }, "fsType": { + "default": "ext4", "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, @@ -4971,6 +5074,7 @@ "type": "string" }, "readOnly": { + "default": false, "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } @@ -5031,7 +5135,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5064,7 +5168,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5119,7 +5223,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5146,7 +5250,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5277,10 +5381,10 @@ "type": "object" }, "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", @@ -5434,7 +5538,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { @@ -5461,7 +5565,7 @@ "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { @@ -5519,7 +5623,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5550,7 +5654,7 @@ "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { @@ -5616,7 +5720,7 @@ "type": "object" }, "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", @@ -5632,6 +5736,20 @@ ], "type": "object" }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, "iscsi": { "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { @@ -5644,7 +5762,7 @@ "type": "boolean" }, "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { @@ -5656,6 +5774,7 @@ "type": "string" }, "iscsiInterface": { + "default": "default", "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, @@ -5681,7 +5800,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5790,12 +5909,12 @@ "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "properties": { "labelSelector": { "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", @@ -5897,7 +6016,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6019,7 +6138,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6099,7 +6218,7 @@ "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { @@ -6107,6 +6226,7 @@ "type": "string" }, "keyring": { + "default": "/etc/ceph/keyring", "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -6119,6 +6239,7 @@ "x-kubernetes-list-type": "atomic" }, "pool": { + "default": "rbd", "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, @@ -6131,7 +6252,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6139,6 +6260,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "default": "admin", "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } @@ -6153,6 +6275,7 @@ "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "properties": { "fsType": { + "default": "xfs", "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, @@ -6173,7 +6296,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6185,6 +6308,7 @@ "type": "boolean" }, "storageMode": { + "default": "ThinProvisioned", "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, @@ -6271,7 +6395,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -6385,7 +6509,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6408,7 +6532,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6425,6 +6549,10 @@ }, "type": "object" }, + "certFile": { + "description": "Path to the TLS certificate file in the Prometheus container for the server.\nMutually exclusive with `cert`.", + "type": "string" + }, "cipherSuites": { "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty,\nGo default cipher suites are used. Available cipher suites are documented\nin the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", "items": { @@ -6436,6 +6564,10 @@ "description": "Server policy for client authentication. Maps to ClientAuth Policies.\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", "type": "string" }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to the server.\nMutually exclusive with `client_ca`.", + "type": "string" + }, "client_ca": { "description": "Contains the CA certificate for client certificate authentication to the server.", "properties": { @@ -6448,7 +6580,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6471,7 +6603,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6495,6 +6627,10 @@ }, "type": "array" }, + "keyFile": { + "description": "Path to the TLS key file in the Prometheus container for the server.\nMutually exclusive with `keySecret`.", + "type": "string" + }, "keySecret": { "description": "Secret containing the TLS key for the server.", "properties": { @@ -6504,7 +6640,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -6531,10 +6667,6 @@ "type": "boolean" } }, - "required": [ - "cert", - "keySecret" - ], "type": "object" } }, @@ -6552,7 +6684,7 @@ "type": "integer" }, "conditions": { - "description": "The current state of the Alertmanager object.", + "description": "The current state of the ThanosRuler object.", "items": { "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", "properties": { diff --git a/pkg/admission/admission.go b/pkg/admission/admission.go index 448b46731b5..6313d69c80c 100644 --- a/pkg/admission/admission.go +++ b/pkg/admission/admission.go @@ -18,11 +18,10 @@ import ( "encoding/json" "fmt" "io" + "log/slog" "net/http" "strings" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -75,11 +74,11 @@ var ( // 1. PrometheusRules (validation, mutation) - ensuring created resources can be loaded by Promethues // 2. monitoringv1alpha1.AlertmanagerConfig (validation) - ensuring. type Admission struct { - logger log.Logger + logger *slog.Logger wh http.Handler } -func New(logger log.Logger) *Admission { +func New(logger *slog.Logger) *Admission { scheme := runtime.NewScheme() utilruntime.Must(monitoringv1alpha1.AddToScheme(scheme)) utilruntime.Must(monitoringv1beta1.AddToScheme(scheme)) @@ -143,25 +142,25 @@ func (a *Admission) serveAdmission(w http.ResponseWriter, r *http.Request, admit } if len(body) == 0 { - level.Warn(a.logger).Log("msg", "request has no body") + a.logger.Warn("request has no body") http.Error(w, "request has no body", http.StatusBadRequest) return } contentType := r.Header.Get("Content-Type") if contentType != "application/json" { - level.Warn(a.logger).Log("msg", fmt.Sprintf("invalid Content-Type %s, want `application/json`", contentType)) + a.logger.Warn(fmt.Sprintf("invalid Content-Type %s, want `application/json`", contentType)) http.Error(w, "invalid Content-Type, want `application/json`", http.StatusUnsupportedMediaType) return } - level.Debug(a.logger).Log("msg", "Received request", "content", string(body)) + a.logger.Debug("Received request", "content", string(body)) requestedAdmissionReview := v1.AdmissionReview{} responseAdmissionReview := v1.AdmissionReview{} if _, _, err := deserializer.Decode(body, nil, &requestedAdmissionReview); err != nil { - level.Warn(a.logger).Log("msg", "Unable to deserialize request", "err", err) + a.logger.Warn("Unable to deserialize request", "err", err) responseAdmissionReview.Response = toAdmissionResponseFailure("Unable to deserialize request", "", []error{err}) } else { responseAdmissionReview.Response = admit(requestedAdmissionReview) @@ -173,36 +172,36 @@ func (a *Admission) serveAdmission(w http.ResponseWriter, r *http.Request, admit respBytes, err := json.Marshal(responseAdmissionReview) - level.Debug(a.logger).Log("msg", "sending response", "content", string(respBytes)) + a.logger.Debug("sending response", "content", string(respBytes)) if err != nil { - level.Error(a.logger).Log("msg", "Cannot serialize response", "err", err) + a.logger.Error("Cannot serialize response", "err", err) http.Error(w, fmt.Sprintf("could not serialize response: %v", err), http.StatusInternalServerError) } if _, err := w.Write(respBytes); err != nil { - level.Error(a.logger).Log("msg", "Cannot write response", "err", err) + a.logger.Error("Cannot write response", "err", err) http.Error(w, fmt.Sprintf("could not write response: %v", err), http.StatusInternalServerError) } } func (a *Admission) mutatePrometheusRules(ar v1.AdmissionReview) *v1.AdmissionResponse { - level.Debug(a.logger).Log("msg", "Mutating prometheusrules") + a.logger.Debug("Mutating prometheusrules") if ar.Request.Resource != prometheusRuleGVR { err := fmt.Errorf("expected resource to be %v, but received %v", prometheusRuleResource, ar.Request.Resource) - level.Warn(a.logger).Log("err", err) + a.logger.Warn("", "err", err) return toAdmissionResponseFailure("Unexpected resource kind", prometheusRuleResource, []error{err}) } rule := &PrometheusRules{} if err := json.Unmarshal(ar.Request.Object.Raw, rule); err != nil { - level.Info(a.logger).Log("msg", errUnmarshalAdmission, "err", err) + a.logger.Info(errUnmarshalAdmission, "err", err) return toAdmissionResponseFailure(errUnmarshalAdmission, prometheusRuleResource, []error{err}) } patches, err := generatePatchesForNonStringLabelsAnnotations(rule.Spec.Raw) if err != nil { - level.Info(a.logger).Log("msg", errUnmarshalRules, "err", err) + a.logger.Info(errUnmarshalRules, "err", err) return toAdmissionResponseFailure(errUnmarshalRules, prometheusRuleResource, []error{err}) } @@ -220,26 +219,26 @@ func (a *Admission) mutatePrometheusRules(ar v1.AdmissionReview) *v1.AdmissionRe } func (a *Admission) validatePrometheusRules(ar v1.AdmissionReview) *v1.AdmissionResponse { - level.Debug(a.logger).Log("msg", "Validating prometheusrules") + a.logger.Debug("Validating prometheusrules") if ar.Request.Resource != prometheusRuleGVR { err := fmt.Errorf("expected resource to be %v, but received %v", prometheusRuleResource, ar.Request.Resource) - level.Warn(a.logger).Log("err", err) + a.logger.Warn("", "err", err) return toAdmissionResponseFailure("Unexpected resource kind", prometheusRuleResource, []error{err}) } promRule := &monitoringv1.PrometheusRule{} if err := json.Unmarshal(ar.Request.Object.Raw, promRule); err != nil { - level.Info(a.logger).Log("msg", errUnmarshalRules, "err", err) + a.logger.Info(errUnmarshalRules, "err", err) return toAdmissionResponseFailure(errUnmarshalRules, prometheusRuleResource, []error{err}) } errors := promoperator.ValidateRule(promRule.Spec) if len(errors) != 0 { const m = "Invalid rule" - level.Debug(a.logger).Log("msg", m, "content", promRule.Spec) + a.logger.Debug(m, "content", promRule.Spec) for _, err := range errors { - level.Info(a.logger).Log("msg", m, "err", err) + a.logger.Info(m, "err", err) } return toAdmissionResponseFailure("Rules are not valid", prometheusRuleResource, errors) @@ -249,12 +248,12 @@ func (a *Admission) validatePrometheusRules(ar v1.AdmissionReview) *v1.Admission } func (a *Admission) validateAlertmanagerConfig(ar v1.AdmissionReview) *v1.AdmissionResponse { - level.Debug(a.logger).Log("msg", "Validating alertmanagerconfigs") + a.logger.Debug("Validating alertmanagerconfigs") gr := metav1.GroupResource{Group: ar.Request.Resource.Group, Resource: ar.Request.Resource.Resource} if gr != alertManagerConfigGR { err := fmt.Errorf("expected resource to be %v, but received %v", alertManagerConfigResource, ar.Request.Resource) - level.Warn(a.logger).Log("err", err) + a.logger.Warn("", "err", err) return toAdmissionResponseFailure("Unexpected resource kind", alertManagerConfigResource, []error{err}) } @@ -270,7 +269,7 @@ func (a *Admission) validateAlertmanagerConfig(ar v1.AdmissionReview) *v1.Admiss } if err := json.Unmarshal(ar.Request.Object.Raw, amConf); err != nil { - level.Info(a.logger).Log("msg", errUnmarshalConfig, "err", err) + a.logger.Info(errUnmarshalConfig, "err", err) return toAdmissionResponseFailure(errUnmarshalConfig, alertManagerConfigResource, []error{err}) } @@ -286,8 +285,8 @@ func (a *Admission) validateAlertmanagerConfig(ar v1.AdmissionReview) *v1.Admiss if err != nil { msg := "invalid config" - level.Debug(a.logger).Log("msg", msg, "content", string(ar.Request.Object.Raw)) - level.Info(a.logger).Log("msg", msg, "err", err) + a.logger.Debug(msg, "content", string(ar.Request.Object.Raw)) + a.logger.Info(msg, "err", err) return toAdmissionResponseFailure("AlertmanagerConfig is invalid", alertManagerConfigResource, []error{err}) } return &v1.AdmissionResponse{Allowed: true} diff --git a/pkg/admission/admission_test.go b/pkg/admission/admission_test.go index 31424da5b37..3546ef97447 100644 --- a/pkg/admission/admission_test.go +++ b/pkg/admission/admission_test.go @@ -19,6 +19,8 @@ import ( "encoding/json" "fmt" "io" + "log/slog" + "math" "net/http" "net/http/httptest" "os" @@ -26,8 +28,6 @@ import ( "testing" jsonpatch "github.com/evanphx/json-patch/v5" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/stretchr/testify/require" "gotest.tools/v3/golden" v1 "k8s.io/api/admission/v1" @@ -313,7 +313,14 @@ func TestAlertmanagerConfigConversion(t *testing.T) { } func api() *Admission { - a := New(level.NewFilter(log.NewLogfmtLogger(log.NewSyncWriter(os.Stdout)), level.AllowNone())) + a := New( + slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })), + ) return a } diff --git a/pkg/alertmanager/amcfg.go b/pkg/alertmanager/amcfg.go index 9eebd725475..92684904a43 100644 --- a/pkg/alertmanager/amcfg.go +++ b/pkg/alertmanager/amcfg.go @@ -19,23 +19,23 @@ import ( "crypto/tls" "errors" "fmt" + "log/slog" "net" "net/url" "path" - "sort" "strings" "time" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/alertmanager/config" "github.com/prometheus/alertmanager/timeinterval" "github.com/prometheus/common/model" "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" + "github.com/prometheus-operator/prometheus-operator/internal/util" "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" @@ -110,25 +110,47 @@ type enforcer interface { processInhibitRule(types.NamespacedName, *inhibitRule) *inhibitRule } -// No enforcement. +// continueToNextRoute is an enforcer that always sets `continue: true` for the +// top-level route. +type continueToNextRoute struct { + e enforcer +} + +var _ enforcer = &continueToNextRoute{} + +func (cte *continueToNextRoute) processRoute(crKey types.NamespacedName, r *route) *route { + r = cte.e.processRoute(crKey, r) + r.Continue = true + + return r +} + +func (cte *continueToNextRoute) processInhibitRule(crKey types.NamespacedName, ir *inhibitRule) *inhibitRule { + return cte.e.processInhibitRule(crKey, ir) +} + +// noopEnforcer is a passthrough enforcer. type noopEnforcer struct{} +var _ enforcer = &noopEnforcer{} + func (ne *noopEnforcer) processInhibitRule(_ types.NamespacedName, ir *inhibitRule) *inhibitRule { return ir } func (ne *noopEnforcer) processRoute(_ types.NamespacedName, r *route) *route { - r.Continue = true return r } -// Enforcing the namespace label. +// namespaceEnforcer enforces a namespace label matcher. type namespaceEnforcer struct { matchersV2Allowed bool } -// processInhibitRule for namespaceEnforcer modifies the inhibition rule to match alerts -// originating only from the given namespace. +var _ enforcer = &namespaceEnforcer{} + +// processInhibitRule for namespaceEnforcer modifies the inhibition rule to +// match alerts originating only from the given namespace. func (ne *namespaceEnforcer) processInhibitRule(crKey types.NamespacedName, ir *inhibitRule) *inhibitRule { // Inhibition rule created from AlertmanagerConfig resources should only match // alerts that come from the same namespace. @@ -175,8 +197,6 @@ func (ne *namespaceEnforcer) processRoute(crKey types.NamespacedName, r *route) } else { r.Match["namespace"] = crKey.Namespace } - // Alerts should still be evaluated by the following routes. - r.Continue = true return r } @@ -185,13 +205,13 @@ func (ne *namespaceEnforcer) processRoute(crKey types.NamespacedName, r *route) // configuration and/or AlertmanagerConfig objects. type configBuilder struct { cfg *alertmanagerConfig - logger log.Logger + logger *slog.Logger amVersion semver.Version store *assets.StoreBuilder enforcer enforcer } -func newConfigBuilder(logger log.Logger, amVersion semver.Version, store *assets.StoreBuilder, matcherStrategy monitoringv1.AlertmanagerConfigMatcherStrategy) *configBuilder { +func newConfigBuilder(logger *slog.Logger, amVersion semver.Version, store *assets.StoreBuilder, matcherStrategy monitoringv1.AlertmanagerConfigMatcherStrategy) *configBuilder { cg := &configBuilder{ logger: logger, amVersion: amVersion, @@ -202,12 +222,17 @@ func newConfigBuilder(logger log.Logger, amVersion semver.Version, store *assets } func getEnforcer(matcherStrategy monitoringv1.AlertmanagerConfigMatcherStrategy, amVersion semver.Version) enforcer { - if matcherStrategy.Type == "None" { - return &noopEnforcer{} - } - return &namespaceEnforcer{ - matchersV2Allowed: amVersion.GTE(semver.MustParse("0.22.0")), + var e enforcer + switch matcherStrategy.Type { + case monitoringv1.NoneConfigMatcherStrategyType: + e = &noopEnforcer{} + default: + e = &namespaceEnforcer{ + matchersV2Allowed: amVersion.GTE(semver.MustParse("0.22.0")), + } } + + return &continueToNextRoute{e: e} } func (cb *configBuilder) marshalJSON() ([]byte, error) { @@ -223,6 +248,10 @@ func (cb *configBuilder) initializeFromAlertmanagerConfig(ctx context.Context, g Name: amConfig.Name, } + if err := checkAlertmanagerConfigResource(ctx, amConfig, cb.amVersion, cb.store); err != nil { + return err + } + global, err := cb.convertGlobalConfig(ctx, globalConfig, crKey) if err != nil { return err @@ -278,19 +307,8 @@ func (cb *configBuilder) initializeFromRawConfiguration(b []byte) error { // addAlertmanagerConfigs adds AlertmanagerConfig objects to the current configuration. func (cb *configBuilder) addAlertmanagerConfigs(ctx context.Context, amConfigs map[string]*monitoringv1alpha1.AlertmanagerConfig) error { - // amConfigIdentifiers is a sorted slice of keys from - // amConfigs map, used to always generate the config in the - // same order. - amConfigIdentifiers := make([]string, len(amConfigs)) - i := 0 - for k := range amConfigs { - amConfigIdentifiers[i] = k - i++ - } - sort.Strings(amConfigIdentifiers) - subRoutes := make([]*route, 0, len(amConfigs)) - for _, amConfigIdentifier := range amConfigIdentifiers { + for _, amConfigIdentifier := range util.SortedKeys(amConfigs) { crKey := types.NamespacedName{ Name: amConfigs[amConfigIdentifier].Name, Namespace: amConfigs[amConfigIdentifier].Namespace, @@ -382,7 +400,7 @@ func (cb *configBuilder) convertGlobalConfig(ctx context.Context, in *monitoring OAuth2: in.HTTPConfig.OAuth2, BearerTokenSecret: in.HTTPConfig.BearerTokenSecret, TLSConfig: in.HTTPConfig.TLSConfig, - ProxyURL: in.HTTPConfig.ProxyURL, + ProxyConfig: in.HTTPConfig.ProxyConfig, FollowRedirects: in.HTTPConfig.FollowRedirects, } httpConfig, err := cb.convertHTTPConfig(ctx, &v1alpha1Config, crKey) @@ -1479,8 +1497,22 @@ func (cb *configBuilder) convertHTTPConfig(ctx context.Context, in *monitoringv1 return nil, nil } + proxyConfig, err := cb.convertProxyConfig(ctx, in.ProxyConfig, crKey) + if err != nil { + return nil, err + } + + // in.ProxyURL comes from the common v1.ProxyConfig struct and is + // serialized as `proxyUrl` while in.ProxyURLOriginal is serialized as + // `proxyURL`. ProxyURLOriginal existed first in the CRD spec hence it + // can't be removed till the next API bump and should take precedence over + // in.ProxyURL. + if ptr.Deref(in.ProxyURLOriginal, "") != "" { + proxyConfig.ProxyURL = *in.ProxyURLOriginal + } + out := &httpClientConfig{ - ProxyURL: in.ProxyURL, + proxyConfig: proxyConfig, FollowRedirects: in.FollowRedirects, } @@ -1537,12 +1569,17 @@ func (cb *configBuilder) convertHTTPConfig(ctx context.Context, in *monitoringv1 if err != nil { return nil, fmt.Errorf("failed to get client secret: %w", err) } + proxyConfig, err := cb.convertProxyConfig(ctx, in.OAuth2.ProxyConfig, crKey) + if err != nil { + return nil, err + } out.OAuth2 = &oauth2{ ClientID: clientID, ClientSecret: clientSecret, Scopes: in.OAuth2.Scopes, TokenURL: in.OAuth2.TokenURL, EndpointParams: in.OAuth2.EndpointParams, + proxyConfig: proxyConfig, } } @@ -1560,26 +1597,61 @@ func (cb *configBuilder) convertTLSConfig(in *monitoringv1.SafeTLSConfig, crKey out.InsecureSkipVerify = *in.InsecureSkipVerify } + s := cb.store.ForNamespace(crKey.Namespace) + if in.CA != (monitoringv1.SecretOrConfigMap{}) { - out.CAFile = path.Join(tlsAssetsDir, assets.TLSAsset(crKey.Namespace, in.CA)) + out.CAFile = path.Join(tlsAssetsDir, s.TLSAsset(in.CA)) } if in.Cert != (monitoringv1.SecretOrConfigMap{}) { - out.CertFile = path.Join(tlsAssetsDir, assets.TLSAsset(crKey.Namespace, in.Cert)) + out.CertFile = path.Join(tlsAssetsDir, s.TLSAsset(in.Cert)) } if in.KeySecret != nil { - out.KeyFile = path.Join(tlsAssetsDir, assets.TLSAsset(crKey.Namespace, in.KeySecret)) + out.KeyFile = path.Join(tlsAssetsDir, s.TLSAsset(in.KeySecret)) } return &out } +func (cb *configBuilder) convertProxyConfig(ctx context.Context, in monitoringv1.ProxyConfig, crKey types.NamespacedName) (proxyConfig, error) { + out := proxyConfig{} + + if in.ProxyURL != nil { + out.ProxyURL = *in.ProxyURL + } + + if in.NoProxy != nil { + out.NoProxy = *in.NoProxy + } + + if in.ProxyFromEnvironment != nil { + out.ProxyFromEnvironment = *in.ProxyFromEnvironment + } + + if len(in.ProxyConnectHeader) > 0 { + proxyConnectHeader := make(map[string][]string, len(in.ProxyConnectHeader)) + for k, v := range in.ProxyConnectHeader { + proxyConnectHeader[k] = []string{} + for _, vv := range v { + value, err := cb.store.GetSecretKey(ctx, crKey.Namespace, vv) + if err != nil { + return out, fmt.Errorf("failed to get proxyConnectHeader secretKey: %w", err) + } + proxyConnectHeader[k] = append(proxyConnectHeader[k], value) + } + } + out.ProxyConnectHeader = proxyConnectHeader + } + + return out, nil +} + // sanitize the config against a specific Alertmanager version // types may be sanitized in one of two ways: // 1. stripping the unsupported config and log a warning // 2. error which ensures that config will not be reconciled - this will be logged by a calling function. -func (c *alertmanagerConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (c *alertmanagerConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if c == nil { return nil } @@ -1628,7 +1700,7 @@ func (c *alertmanagerConfig) sanitize(amVersion semver.Version, logger log.Logge } // sanitize globalConfig. -func (gc *globalConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (gc *globalConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if gc == nil { return nil } @@ -1644,51 +1716,51 @@ func (gc *globalConfig) sanitize(amVersion semver.Version, logger log.Logger) er if gc.SlackAPIURLFile != "" { if gc.SlackAPIURL != nil { msg := "'slack_api_url' and 'slack_api_url_file' are mutually exclusive - 'slack_api_url' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) gc.SlackAPIURLFile = "" } if amVersion.LT(semver.MustParse("0.22.0")) { msg := "'slack_api_url_file' supported in Alertmanager >= 0.22.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) gc.SlackAPIURLFile = "" } } if gc.OpsGenieAPIKeyFile != "" && amVersion.LT(semver.MustParse("0.24.0")) { msg := "'opsgenie_api_key_file' supported in Alertmanager >= 0.24.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) gc.OpsGenieAPIKeyFile = "" } if gc.SMTPAuthPasswordFile != "" && amVersion.LT(semver.MustParse("0.25.0")) { msg := "'smtp_auth_password_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) gc.SMTPAuthPasswordFile = "" } if gc.SMTPAuthPassword != "" && gc.SMTPAuthPasswordFile != "" { msg := "'smtp_auth_password' and 'smtp_auth_password_file' are mutually exclusive - 'smtp_auth_password' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) gc.SMTPAuthPasswordFile = "" } if gc.VictorOpsAPIKeyFile != "" && amVersion.LT(semver.MustParse("0.25.0")) { msg := "'victorops_api_key_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) gc.VictorOpsAPIKeyFile = "" } if gc.VictorOpsAPIKey != "" && gc.VictorOpsAPIKeyFile != "" { msg := "'victorops_api_key' and 'victorops_api_key_file' are mutually exclusive - 'victorops_api_key' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) gc.VictorOpsAPIKeyFile = "" } return nil } -func (hc *httpClientConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (hc *httpClientConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if hc == nil { return nil } @@ -1703,13 +1775,13 @@ func (hc *httpClientConfig) sanitize(amVersion semver.Version, logger log.Logger if hc.FollowRedirects != nil && !amVersion.GTE(semver.MustParse("0.22.0")) { msg := "'follow_redirects' set in 'http_config' but supported in Alertmanager >= 0.22.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) hc.FollowRedirects = nil } if hc.EnableHTTP2 != nil && !amVersion.GTE(semver.MustParse("0.25.0")) { msg := "'enable_http2' set in 'http_config' but supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) hc.EnableHTTP2 = nil } @@ -1717,6 +1789,10 @@ func (hc *httpClientConfig) sanitize(amVersion semver.Version, logger log.Logger return err } + if err := hc.proxyConfig.sanitize(amVersion, logger); err != nil { + return err + } + return hc.OAuth2.sanitize(amVersion, logger) } @@ -1728,20 +1804,20 @@ var tlsVersions = map[string]int{ "TLS10": tls.VersionTLS10, } -func (tc *tlsConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (tc *tlsConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if tc == nil { return nil } if tc.MinVersion != "" && !amVersion.GTE(semver.MustParse("0.25.0")) { msg := "'min_version' set in 'tls_config' but supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) tc.MinVersion = "" } if tc.MaxVersion != "" && !amVersion.GTE(semver.MustParse("0.25.0")) { msg := "'max_version' set in 'tls_config' but supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) tc.MaxVersion = "" } @@ -1762,26 +1838,84 @@ func (tc *tlsConfig) sanitize(amVersion semver.Version, logger log.Logger) error return nil } -func (o *oauth2) sanitize(amVersion semver.Version, logger log.Logger) error { +func (pc *proxyConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { + if pc == nil { + return nil + } + + // All proxy options are supported starting from v0.26.0. Below this + // version, only 'proxy_url' is supported. + if amVersion.GTE(semver.MustParse("0.26.0")) { + if len(pc.ProxyConnectHeader) > 0 && (!pc.ProxyFromEnvironment && pc.ProxyURL == "") { + return fmt.Errorf("if 'proxy_connect_header' is configured, 'proxy_url' or 'proxy_from_environment' must also be configured") + } + + if pc.ProxyFromEnvironment && pc.ProxyURL != "" { + return fmt.Errorf("if 'proxy_from_environment' is configured, 'proxy_url' must not be configured") + } + + if pc.ProxyFromEnvironment && pc.NoProxy != "" { + return fmt.Errorf("if 'proxy_from_environment' is configured, 'no_proxy' must not be configured") + } + + if pc.ProxyURL == "" && pc.NoProxy != "" { + return fmt.Errorf("if 'no_proxy' is configured, 'proxy_url' must also be configured") + } + + return nil + } + + if pc.ProxyFromEnvironment { + msg := "'proxy_from_environment' set to true but supported in Alertmanager >= 0.26.0 only - dropping field from provided config" + logger.Warn(msg, "current_version", amVersion.String()) + pc.ProxyFromEnvironment = false + } + + if pc.NoProxy != "" { + msg := "'no_proxy' configured but supported in Alertmanager >= 0.26.0 only - dropping field from provided config" + logger.Warn(msg, "current_version", amVersion.String()) + pc.NoProxy = "" + } + + if len(pc.ProxyConnectHeader) > 0 { + msg := "'proxy_connect_header' configured but supported in Alertmanager >= 0.26.0 only - dropping field from provided config" + logger.Warn(msg, "current_version", amVersion.String()) + pc.ProxyConnectHeader = nil + } + + return nil +} + +func (o *oauth2) sanitize(amVersion semver.Version, logger *slog.Logger) error { if o == nil { return nil } - if o.ProxyURL != "" && !amVersion.GTE(semver.MustParse("0.25.0")) { - msg := "'proxy_url' set in 'oauth2' but supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + if (o.ProxyURL != "" || o.NoProxy != "" || len(o.ProxyConnectHeader) > 0) && + !amVersion.GTE(semver.MustParse("0.25.0")) { + msg := "'proxyConfig' set in 'oauth2' but supported in Alertmanager >= 0.25.0 only - dropping field from provided config" + logger.Warn(msg, "current_version", amVersion.String()) o.ProxyURL = "" + o.NoProxy = "" + o.ProxyFromEnvironment = false + o.ProxyConnectHeader = nil } return nil } // sanitize the receiver. -func (r *receiver) sanitize(amVersion semver.Version, logger log.Logger) error { +func (r *receiver) sanitize(amVersion semver.Version, logger *slog.Logger) error { if r == nil { return nil } - withLogger := log.With(logger, "receiver", r.Name) + withLogger := logger.With("receiver", r.Name) + + for _, conf := range r.EmailConfigs { + if err := conf.sanitize(amVersion, withLogger); err != nil { + return err + } + } for _, conf := range r.EmailConfigs { if err := conf.sanitize(amVersion, withLogger); err != nil { @@ -1864,22 +1998,22 @@ func (r *receiver) sanitize(amVersion semver.Version, logger log.Logger) error { return nil } -func (ec *emailConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (ec *emailConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if ec.AuthPasswordFile != "" && amVersion.LT(semver.MustParse("0.25.0")) { msg := "'auth_password_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) ec.AuthPasswordFile = "" } if ec.AuthPassword != "" && ec.AuthPasswordFile != "" { - level.Warn(logger).Log("msg", "'auth_password' and 'auth_password_file' are mutually exclusive for email receiver config - 'auth_password' has taken precedence") + logger.Warn("'auth_password' and 'auth_password_file' are mutually exclusive for email receiver config - 'auth_password' has taken precedence") ec.AuthPasswordFile = "" } return nil } -func (ogc *opsgenieConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (ogc *opsgenieConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if err := ogc.HTTPConfig.sanitize(amVersion, logger); err != nil { return err } @@ -1888,18 +2022,18 @@ func (ogc *opsgenieConfig) sanitize(amVersion semver.Version, logger log.Logger) if ogc.Actions != "" && lessThanV0_24 { msg := "opsgenie_config 'actions' supported in Alertmanager >= 0.24.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) ogc.Actions = "" } if ogc.Entity != "" && lessThanV0_24 { msg := "opsgenie_config 'entity' supported in Alertmanager >= 0.24.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) ogc.Entity = "" } if ogc.UpdateAlerts != nil && lessThanV0_24 { msg := "update_alerts 'entity' supported in Alertmanager >= 0.24.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) ogc.UpdateAlerts = nil } for _, responder := range ogc.Responders { @@ -1909,7 +2043,7 @@ func (ogc *opsgenieConfig) sanitize(amVersion semver.Version, logger log.Logger) } if ogc.APIKey != "" && ogc.APIKeyFile != "" { - level.Warn(logger).Log("msg", "'api_key' and 'api_key_file' are mutually exclusive for OpsGenie receiver config - 'api_key' has taken precedence") + logger.Warn("'api_key' and 'api_key_file' are mutually exclusive for OpsGenie receiver config - 'api_key' has taken precedence") ogc.APIKeyFile = "" } @@ -1919,7 +2053,7 @@ func (ogc *opsgenieConfig) sanitize(amVersion semver.Version, logger log.Logger) if lessThanV0_24 { msg := "'api_key_file' supported in Alertmanager >= 0.24.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) ogc.APIKeyFile = "" } @@ -1933,49 +2067,49 @@ func (ops *opsgenieResponder) sanitize(amVersion semver.Version) error { return nil } -func (pdc *pagerdutyConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (pdc *pagerdutyConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { lessThanV0_25 := amVersion.LT(semver.MustParse("0.25.0")) if pdc.Source != "" && lessThanV0_25 { msg := "'source' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) pdc.Source = "" } if pdc.RoutingKeyFile != "" && lessThanV0_25 { msg := "'routing_key_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) pdc.RoutingKeyFile = "" } if pdc.ServiceKeyFile != "" && lessThanV0_25 { msg := "'service_key_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) pdc.ServiceKeyFile = "" } if pdc.ServiceKey != "" && pdc.ServiceKeyFile != "" { msg := "'service_key' and 'service_key_file' are mutually exclusive for pagerdury receiver config - 'service_key' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) pdc.ServiceKeyFile = "" } if pdc.RoutingKey != "" && pdc.RoutingKeyFile != "" { msg := "'routing_key' and 'routing_key_file' are mutually exclusive for pagerdury receiver config - 'routing_key' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) pdc.RoutingKeyFile = "" } return pdc.HTTPConfig.sanitize(amVersion, logger) } -func (poc *pushoverConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (poc *pushoverConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { lessThanV0_26 := amVersion.LT(semver.MustParse("0.26.0")) lessThanV0_27 := amVersion.LT(semver.MustParse("0.27.0")) if poc.UserKeyFile != "" && lessThanV0_26 { msg := "'user_key_file' supported in Alertmanager >= 0.26.0 only - dropping field from pushover receiver config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) poc.UserKeyFile = "" } @@ -1985,13 +2119,13 @@ func (poc *pushoverConfig) sanitize(amVersion semver.Version, logger log.Logger) if poc.UserKey != "" && poc.UserKeyFile != "" { msg := "'user_key' and 'user_key_file' are mutually exclusive for pushover receiver config - 'user_key' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) poc.UserKeyFile = "" } if poc.TokenFile != "" && lessThanV0_26 { msg := "'token_file' supported in Alertmanager >= 0.26.0 only - dropping field from pushover receiver config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) poc.TokenFile = "" } @@ -2001,26 +2135,26 @@ func (poc *pushoverConfig) sanitize(amVersion semver.Version, logger log.Logger) if poc.Token != "" && poc.TokenFile != "" { msg := "'token' and 'token_file' are mutually exclusive for pushover receiver config - 'token' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) poc.TokenFile = "" } if poc.TTL != "" && lessThanV0_27 { msg := "'ttl' supported in Alertmanager >= 0.27.0 only - dropping field from pushover receiver config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) poc.TTL = "" } if poc.Device != "" && lessThanV0_26 { msg := "'device' supported in Alertmanager >= 0.26.0 only - dropping field from pushover receiver config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) poc.Device = "" } return poc.HTTPConfig.sanitize(amVersion, logger) } -func (sc *slackConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (sc *slackConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if err := sc.HTTPConfig.sanitize(amVersion, logger); err != nil { return err } @@ -2033,60 +2167,60 @@ func (sc *slackConfig) sanitize(amVersion semver.Version, logger log.Logger) err // As of v0.22.0 Alertmanager config supports passing URL via file name if sc.APIURLFile != "" && amVersion.LT(semver.MustParse("0.22.0")) { msg := "'api_url_file' supported in Alertmanager >= 0.22.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) sc.APIURLFile = "" } if sc.APIURL != "" && sc.APIURLFile != "" { msg := "'api_url' and 'api_url_file' are mutually exclusive for slack receiver config - 'api_url' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) sc.APIURLFile = "" } return nil } -func (voc *victorOpsConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (voc *victorOpsConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if err := voc.HTTPConfig.sanitize(amVersion, logger); err != nil { return err } if voc.APIKeyFile != "" && amVersion.LT(semver.MustParse("0.25.0")) { msg := "'api_key_file' supported in Alertmanager >= 0.25.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) voc.APIKeyFile = "" } if voc.APIKey != "" && voc.APIKeyFile != "" { msg := "'api_key' and 'api_key_file' are mutually exclusive for victorops receiver config - 'api_url' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) voc.APIKeyFile = "" } return nil } -func (whc *webhookConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (whc *webhookConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if err := whc.HTTPConfig.sanitize(amVersion, logger); err != nil { return err } if whc.URLFile != "" && amVersion.LT(semver.MustParse("0.26.0")) { msg := "'url_file' supported in Alertmanager >= 0.26.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) whc.URLFile = "" } if whc.URL != "" && whc.URLFile != "" { msg := "'url' and 'url_file' are mutually exclusive for webhook receiver config - 'url' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) whc.URLFile = "" } return nil } -func (tc *msTeamsConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (tc *msTeamsConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { if amVersion.LT(semver.MustParse("0.26.0")) { return fmt.Errorf(`invalid syntax in receivers config; msteams integration is only available in Alertmanager >= 0.26.0`) } @@ -2097,22 +2231,22 @@ func (tc *msTeamsConfig) sanitize(amVersion semver.Version, logger log.Logger) e if tc.Summary != "" && amVersion.LT(semver.MustParse("0.27.0")) { msg := "'summary' supported in Alertmanager >= 0.27.0 only - dropping field `summary` from msteams config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) tc.Summary = "" } return tc.HTTPConfig.sanitize(amVersion, logger) } -func (wcc *weChatConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (wcc *weChatConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { return wcc.HTTPConfig.sanitize(amVersion, logger) } -func (sc *snsConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (sc *snsConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { return sc.HTTPConfig.sanitize(amVersion, logger) } -func (tc *telegramConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (tc *telegramConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { lessThanV0_26 := amVersion.LT(semver.MustParse("0.26.0")) telegramAllowed := amVersion.GTE(semver.MustParse("0.24.0")) @@ -2126,7 +2260,7 @@ func (tc *telegramConfig) sanitize(amVersion semver.Version, logger log.Logger) if tc.BotTokenFile != "" && lessThanV0_26 { msg := "'bot_token_file' supported in Alertmanager >= 0.26.0 only - dropping field from provided config" - level.Warn(logger).Log("msg", msg, "current_version", amVersion.String()) + logger.Warn(msg, "current_version", amVersion.String()) tc.BotTokenFile = "" } @@ -2136,14 +2270,14 @@ func (tc *telegramConfig) sanitize(amVersion semver.Version, logger log.Logger) if tc.BotToken != "" && tc.BotTokenFile != "" { msg := "'bot_token' and 'bot_token_file' are mutually exclusive for telegram receiver config - 'bot_token' has taken precedence" - level.Warn(logger).Log("msg", msg) + logger.Warn(msg) tc.BotTokenFile = "" } return tc.HTTPConfig.sanitize(amVersion, logger) } -func (tc *discordConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (tc *discordConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { discordAllowed := amVersion.GTE(semver.MustParse("0.25.0")) if !discordAllowed { return fmt.Errorf(`invalid syntax in receivers config; discord integration is available in Alertmanager >= 0.25.0`) @@ -2152,7 +2286,7 @@ func (tc *discordConfig) sanitize(amVersion semver.Version, logger log.Logger) e return tc.HTTPConfig.sanitize(amVersion, logger) } -func (tc *webexConfig) sanitize(amVersion semver.Version, logger log.Logger) error { +func (tc *webexConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error { webexAllowed := amVersion.GTE(semver.MustParse("0.25.0")) if !webexAllowed { return fmt.Errorf(`invalid syntax in receivers config; webex integration is available in Alertmanager >= 0.25.0`) @@ -2165,7 +2299,7 @@ func (tc *webexConfig) sanitize(amVersion semver.Version, logger log.Logger) err return tc.HTTPConfig.sanitize(amVersion, logger) } -func (ir *inhibitRule) sanitize(amVersion semver.Version, logger log.Logger) error { +func (ir *inhibitRule) sanitize(amVersion semver.Version, logger *slog.Logger) error { matchersV2Allowed := amVersion.GTE(semver.MustParse("0.22.0")) if !matchersV2Allowed { @@ -2181,7 +2315,7 @@ func (ir *inhibitRule) sanitize(amVersion semver.Version, logger log.Logger) err // to the namespace label we have injected - but we won't convert these if checkNotEmptyMap(ir.SourceMatch, ir.TargetMatch, ir.SourceMatchRE, ir.TargetMatchRE) { msg := "inhibit rule is using a deprecated match syntax which will be removed in future versions" - level.Warn(logger).Log("msg", msg, "source_match", ir.SourceMatch, "target_match", ir.TargetMatch, "source_match_re", ir.SourceMatchRE, "target_match_re", ir.TargetMatchRE) + logger.Warn(msg, "source_match", ir.SourceMatch, "target_match", ir.TargetMatch, "source_match_re", ir.SourceMatchRE, "target_match_re", ir.TargetMatchRE) } // ensure empty data structures are assigned nil so their yaml output is sanitized @@ -2196,14 +2330,14 @@ func (ir *inhibitRule) sanitize(amVersion semver.Version, logger log.Logger) err return nil } -func (ti *timeInterval) sanitize(amVersion semver.Version, logger log.Logger) error { +func (ti *timeInterval) sanitize(amVersion semver.Version, logger *slog.Logger) error { if amVersion.GTE(semver.MustParse("0.25.0")) { return nil } for i, tis := range ti.TimeIntervals { if tis.Location != nil { - level.Warn(logger).Log("msg", "time_interval location is supported in Alertmanager >= 0.25.0 only - dropping config") + logger.Warn("time_interval location is supported in Alertmanager >= 0.25.0 only - dropping config") ti.TimeIntervals[i].Location = nil } } @@ -2214,7 +2348,7 @@ func (ti *timeInterval) sanitize(amVersion semver.Version, logger log.Logger) er // sanitize a route and all its child routes. // Warns if the config is using deprecated syntax against a later version. // Returns an error if the config could potentially break routing logic. -func (r *route) sanitize(amVersion semver.Version, logger log.Logger) error { +func (r *route) sanitize(amVersion semver.Version, logger *slog.Logger) error { if r == nil { return nil } @@ -2222,7 +2356,7 @@ func (r *route) sanitize(amVersion semver.Version, logger log.Logger) error { matchersV2Allowed := amVersion.GTE(semver.MustParse("0.22.0")) muteTimeIntervalsAllowed := matchersV2Allowed activeTimeIntervalsAllowed := amVersion.GTE(semver.MustParse("0.24.0")) - withLogger := log.With(logger, "receiver", r.Receiver) + withLogger := logger.With("receiver", r.Receiver) if !matchersV2Allowed && checkNotEmptyStrSlice(r.Matchers) { return fmt.Errorf(`invalid syntax in route config for 'matchers' comparison based matching is supported in Alertmanager >= 0.22.0 only (matchers=%v)`, r.Matchers) @@ -2230,18 +2364,18 @@ func (r *route) sanitize(amVersion semver.Version, logger log.Logger) error { if matchersV2Allowed && checkNotEmptyMap(r.Match, r.MatchRE) { msg := "'matchers' field is using a deprecated syntax which will be removed in future versions" - level.Warn(withLogger).Log("msg", msg, "match", fmt.Sprint(r.Match), "match_re", fmt.Sprint(r.MatchRE)) + withLogger.Warn(msg, "match", fmt.Sprint(r.Match), "match_re", fmt.Sprint(r.MatchRE)) } if !muteTimeIntervalsAllowed { msg := "named mute time intervals in route is supported in Alertmanager >= 0.22.0 only - dropping config" - level.Warn(withLogger).Log("msg", msg, "mute_time_intervals", fmt.Sprint(r.MuteTimeIntervals)) + withLogger.Warn(msg, "mute_time_intervals", fmt.Sprint(r.MuteTimeIntervals)) r.MuteTimeIntervals = nil } if !activeTimeIntervalsAllowed { msg := "active time intervals in route is supported in Alertmanager >= 0.24.0 only - dropping config" - level.Warn(withLogger).Log("msg", msg, "active_time_intervals", fmt.Sprint(r.ActiveTimeIntervals)) + withLogger.Warn(msg, "active_time_intervals", fmt.Sprint(r.ActiveTimeIntervals)) r.ActiveTimeIntervals = nil } diff --git a/pkg/alertmanager/amcfg_test.go b/pkg/alertmanager/amcfg_test.go index b6dcaf7a9ad..75152a1aa6a 100644 --- a/pkg/alertmanager/amcfg_test.go +++ b/pkg/alertmanager/amcfg_test.go @@ -18,12 +18,14 @@ import ( "context" "encoding/json" "fmt" + "log/slog" + "math" "net/url" + "os" "testing" "time" "github.com/blang/semver/v4" - "github.com/go-kit/log" "github.com/prometheus/alertmanager/config" "github.com/prometheus/alertmanager/timeinterval" "github.com/prometheus/common/model" @@ -33,13 +35,15 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/fake" "k8s.io/utils/ptr" - monitoringingv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" "github.com/prometheus-operator/prometheus-operator/pkg/assets" + "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) func mustMarshalRoute(r monitoringv1alpha1.Route) []byte { @@ -63,23 +67,30 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }) + version24, err := semver.ParseTolerant("v0.24.0") + require.NoError(t, err) + + version26, err := semver.ParseTolerant("v0.26.0") + require.NoError(t, err) + pagerdutyURL := "example.pagerduty.com" invalidPagerdutyURL := "://example.pagerduty.com" tests := []struct { name string - globalConfig *monitoringingv1.AlertmanagerGlobalConfig - matcherStrategy monitoringingv1.AlertmanagerConfigMatcherStrategy + amVersion *semver.Version + globalConfig *monitoringv1.AlertmanagerGlobalConfig + matcherStrategy monitoringv1.AlertmanagerConfigMatcherStrategy amConfig *monitoringv1alpha1.AlertmanagerConfig want *alertmanagerConfig wantErr bool }{ { name: "valid global config", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ - SMTPConfig: &monitoringingv1.GlobalSMTPConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ + SMTPConfig: &monitoringv1.GlobalSMTPConfig{ From: ptr.To("from"), - SmartHost: &monitoringingv1.HostPort{ + SmartHost: &monitoringv1.HostPort{ Host: "smtp.example.org", Port: "587", }, @@ -101,9 +112,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { RequireTLS: ptr.To(true), }, ResolveTimeout: "30s", - HTTPConfig: &monitoringingv1.HTTPConfig{ - OAuth2: &monitoringingv1.OAuth2{ - ClientID: monitoringingv1.SecretOrConfigMap{ + HTTPConfig: &monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ ConfigMap: &corev1.ConfigMapKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ Name: "webhook-client-id", @@ -136,6 +147,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "null", }, + { + Name: "myreceiver", + }, }, Route: &monitoringv1alpha1.Route{ Receiver: "null", @@ -147,7 +161,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ @@ -181,6 +195,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "mynamespace/global-config/null", }, + { + Name: "mynamespace/global-config/myreceiver", + }, }, Route: &route{ Receiver: "mynamespace/global-config/null", @@ -198,7 +215,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "valid global config with Slack API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ SlackAPIURL: &corev1.SecretKeySelector{ Key: "url", LocalObjectReference: corev1.LocalObjectReference{ @@ -216,6 +233,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "null", }, + { + Name: "myreceiver", + }, }, Route: &monitoringv1alpha1.Route{ Receiver: "null", @@ -227,7 +247,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ @@ -238,6 +258,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "mynamespace/global-config/null", }, + { + Name: "mynamespace/global-config/myreceiver", + }, }, Route: &route{ Receiver: "mynamespace/global-config/null", @@ -255,7 +278,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "global config with invalid Slack API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ SlackAPIURL: &corev1.SecretKeySelector{ Key: "invalid_url", LocalObjectReference: corev1.LocalObjectReference{ @@ -284,14 +307,14 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, }, { name: "global config with missing Slack API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ SlackAPIURL: &corev1.SecretKeySelector{ Key: "url", LocalObjectReference: corev1.LocalObjectReference{ @@ -320,14 +343,14 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, }, { name: "valid global config with OpsGenie API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ OpsGenieAPIURL: &corev1.SecretKeySelector{ Key: "url", LocalObjectReference: corev1.LocalObjectReference{ @@ -345,6 +368,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "null", }, + { + Name: "myreceiver", + }, }, Route: &monitoringv1alpha1.Route{ Receiver: "null", @@ -356,7 +382,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ @@ -367,6 +393,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "mynamespace/global-config/null", }, + { + Name: "mynamespace/global-config/myreceiver", + }, }, Route: &route{ Receiver: "mynamespace/global-config/null", @@ -384,7 +413,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "global config with invalid OpsGenie API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ OpsGenieAPIURL: &corev1.SecretKeySelector{ Key: "invalid_url", LocalObjectReference: corev1.LocalObjectReference{ @@ -413,14 +442,14 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, }, { name: "global config with missing OpsGenie API URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ OpsGenieAPIURL: &corev1.SecretKeySelector{ Key: "url", LocalObjectReference: corev1.LocalObjectReference{ @@ -449,14 +478,14 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, }, { name: "valid global config with OpsGenie API KEY", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ OpsGenieAPIKey: &corev1.SecretKeySelector{ Key: "api_key", LocalObjectReference: corev1.LocalObjectReference{ @@ -474,6 +503,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "null", }, + { + Name: "myreceiver", + }, }, Route: &monitoringv1alpha1.Route{ Receiver: "null", @@ -485,7 +517,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ @@ -496,6 +528,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "mynamespace/global-config/null", }, + { + Name: "mynamespace/global-config/myreceiver", + }, }, Route: &route{ Receiver: "mynamespace/global-config/null", @@ -513,7 +548,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "global config with missing OpsGenie API KEY", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ OpsGenieAPIKey: &corev1.SecretKeySelector{ Key: "api_key", LocalObjectReference: corev1.LocalObjectReference{ @@ -542,14 +577,14 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, }, { name: "valid global config with Pagerduty URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ PagerdutyURL: &pagerdutyURL, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -562,6 +597,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "null", }, + { + Name: "myreceiver", + }, }, Route: &monitoringv1alpha1.Route{ Receiver: "null", @@ -573,7 +611,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ @@ -584,6 +622,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { Name: "mynamespace/global-config/null", }, + { + Name: "mynamespace/global-config/myreceiver", + }, }, Route: &route{ Receiver: "mynamespace/global-config/null", @@ -601,7 +642,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "global config with invalid Pagerduty URL", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ PagerdutyURL: &invalidPagerdutyURL, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -625,7 +666,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, wantErr: true, @@ -642,8 +683,172 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, { name: "globalConfig has null resolve timeout", - globalConfig: &monitoringingv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringingv1.HTTPConfig{ + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ + HTTPConfig: &monitoringv1.HTTPConfig{ + FollowRedirects: ptr.To(true), + }, + }, + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "global-config", + Namespace: "mynamespace", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Receivers: []monitoringv1alpha1.Receiver{ + { + Name: "null", + }, + }, + Route: &monitoringv1alpha1.Route{ + Receiver: "null", + }, + }, + }, + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ + Type: "OnNamespace", + }, + want: &alertmanagerConfig{ + Global: &globalConfig{ + HTTPConfig: &httpClientConfig{ + FollowRedirects: ptr.To(true), + }, + }, + Receivers: []*receiver{ + { + Name: "mynamespace/global-config/null", + }, + }, + Route: &route{ + Receiver: "mynamespace/global-config/null", + }, + }, + wantErr: false, + }, + { + name: "globalConfig httpconfig/proxyconfig has null secretKey for proxyConnectHeader", + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ + HTTPConfig: &monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://example.com"), + NoProxy: ptr.To("svc.cluster.local"), + ProxyConnectHeader: map[string][]corev1.SecretKeySelector{ + "header": { + { + LocalObjectReference: corev1.LocalObjectReference{ + Name: "no-secret", + }, + Key: "proxy-header", + }, + }, + }, + }, + FollowRedirects: ptr.To(true), + }, + }, + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "global-config", + Namespace: "mynamespace", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Receivers: []monitoringv1alpha1.Receiver{ + { + Name: "null", + }, + }, + Route: &monitoringv1alpha1.Route{ + Receiver: "null", + }, + }, + }, + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ + Type: "OnNamespace", + }, + wantErr: true, + }, + { + name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion24", + amVersion: &version24, + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ + HTTPConfig: &monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://example.com"), + NoProxy: ptr.To("svc.cluster.local"), + ProxyConnectHeader: map[string][]corev1.SecretKeySelector{ + "header": { + { + LocalObjectReference: corev1.LocalObjectReference{ + Name: "secret", + }, + Key: "proxy-header", + }, + }, + }, + }, + FollowRedirects: ptr.To(true), + }, + }, + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "global-config", + Namespace: "mynamespace", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Receivers: []monitoringv1alpha1.Receiver{ + { + Name: "null", + }, + }, + Route: &monitoringv1alpha1.Route{ + Receiver: "null", + }, + }, + }, + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ + Type: "OnNamespace", + }, + want: &alertmanagerConfig{ + Global: &globalConfig{ + HTTPConfig: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + NoProxy: "", + ProxyFromEnvironment: false, + ProxyConnectHeader: nil, + }, + FollowRedirects: ptr.To(true), + }, + }, + Receivers: []*receiver{ + { + Name: "mynamespace/global-config/null", + }, + }, + Route: &route{ + Receiver: "mynamespace/global-config/null", + }, + }, + wantErr: false, + }, + { + name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion26", + amVersion: &version26, + globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ + HTTPConfig: &monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://example.com"), + NoProxy: ptr.To("svc.cluster.local"), + ProxyConnectHeader: map[string][]corev1.SecretKeySelector{ + "header": { + { + LocalObjectReference: corev1.LocalObjectReference{ + Name: "secret", + }, + Key: "proxy-header", + }, + }, + }, + }, FollowRedirects: ptr.To(true), }, }, @@ -663,12 +868,20 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "OnNamespace", }, want: &alertmanagerConfig{ Global: &globalConfig{ HTTPConfig: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + NoProxy: "svc.cluster.local", + ProxyFromEnvironment: false, + ProxyConnectHeader: map[string][]string{ + "header": {"value"}, + }, + }, FollowRedirects: ptr.To(true), }, }, @@ -683,10 +896,41 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, wantErr: false, }, + { + name: "invalid alertmanagerConfig with invalid child routes", + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "global-config", + Namespace: "mynamespace", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Receivers: []monitoringv1alpha1.Receiver{ + { + Name: "null", + }, + }, + Route: &monitoringv1alpha1.Route{ + Receiver: "null", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"severity":"!=critical$"}]}`), + }, + }, + }, + }, + }, + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ + Type: "OnNamespace", + }, + wantErr: true, + }, } for _, tt := range tests { - version, err := semver.ParseTolerant("v0.22.2") - require.NoError(t, err) + if tt.amVersion == nil { + version, err := semver.ParseTolerant("v0.22.2") + require.NoError(t, err) + tt.amVersion = &version + } kclient := fake.NewSimpleClientset( &corev1.ConfigMap{ @@ -738,10 +982,19 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { "api_key": []byte("mykey"), }, }, + &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret", + Namespace: "mynamespace", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + }, + }, ) cb := newConfigBuilder( - log.NewNopLogger(), - version, + newNopLogger(t), + *tt.amVersion, assets.NewStoreBuilder(kclient.CoreV1(), kclient.CoreV1()), tt.matcherStrategy, ) @@ -763,7 +1016,7 @@ func TestGenerateConfig(t *testing.T) { kclient kubernetes.Interface baseConfig alertmanagerConfig amVersion *semver.Version - matcherStrategy monitoringingv1.AlertmanagerConfigMatcherStrategy + matcherStrategy monitoringv1.AlertmanagerConfigMatcherStrategy amConfigs map[string]*monitoringv1alpha1.AlertmanagerConfig golden string } @@ -1108,7 +1361,7 @@ func TestGenerateConfig(t *testing.T) { Route: &route{Receiver: "null"}, Receivers: []*receiver{{Name: "null"}}, }, - matcherStrategy: monitoringingv1.AlertmanagerConfigMatcherStrategy{ + matcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{ Type: "None", }, amConfigs: map[string]*monitoringv1alpha1.AlertmanagerConfig{ @@ -1370,8 +1623,8 @@ func TestGenerateConfig(t *testing.T) { WebhookConfigs: []monitoringv1alpha1.WebhookConfig{{ URL: ptr.To("http://test.url"), HTTPConfig: &monitoringv1alpha1.HTTPConfig{ - OAuth2: &monitoringingv1.OAuth2{ - ClientID: monitoringingv1.SecretOrConfigMap{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ ConfigMap: &corev1.ConfigMapKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ Name: "webhook-client-id", @@ -1722,7 +1975,7 @@ func TestGenerateConfig(t *testing.T) { SNSConfigs: []monitoringv1alpha1.SNSConfig{ { ApiURL: "https://sns.us-east-2.amazonaws.com", - Sigv4: &monitoringingv1.Sigv4{ + Sigv4: &monitoringv1.Sigv4{ Region: "us-east-2", AccessKey: &corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ @@ -1781,7 +2034,7 @@ func TestGenerateConfig(t *testing.T) { SNSConfigs: []monitoringv1alpha1.SNSConfig{ { ApiURL: "https://sns.us-east-2.amazonaws.com", - Sigv4: &monitoringingv1.Sigv4{ + Sigv4: &monitoringv1.Sigv4{ Region: "us-east-2", RoleArn: "test-roleARN", }, @@ -2113,7 +2366,7 @@ func TestGenerateConfig(t *testing.T) { }, } - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { store := assets.NewStoreBuilder(tc.kclient.CoreV1(), tc.kclient.CoreV1()) @@ -2143,7 +2396,7 @@ func TestGenerateConfig(t *testing.T) { } func TestSanitizeConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) versionFileURLAllowed := semver.Version{Major: 0, Minor: 22} versionFileURLNotAllowed := semver.Version{Major: 0, Minor: 21} @@ -2771,7 +3024,7 @@ func TestSanitizeConfig(t *testing.T) { } func TestHTTPClientConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) httpConfigV25Allowed := semver.Version{Major: 0, Minor: 25} httpConfigV25NotAllowed := semver.Version{Major: 0, Minor: 24} @@ -2779,6 +3032,9 @@ func TestHTTPClientConfig(t *testing.T) { versionAuthzAllowed := semver.Version{Major: 0, Minor: 22} versionAuthzNotAllowed := semver.Version{Major: 0, Minor: 21} + httpConfigV26Allowed := semver.Version{Major: 0, Minor: 26} + httpConfigV26NotAllowed := semver.Version{Major: 0, Minor: 25} + // test the http config independently since all receivers rely on same behaviour for _, tc := range []struct { name string @@ -2813,7 +3069,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2828,7 +3086,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2898,7 +3158,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2917,7 +3179,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2935,7 +3199,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2953,7 +3219,9 @@ func TestHTTPClientConfig(t *testing.T) { ClientSecret: "b", ClientSecretFile: "c", TokenURL: "d", - ProxyURL: "http://example.com/", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + }, }, EnableHTTP2: ptr.To(false), TLSConfig: &tlsConfig{ @@ -2972,6 +3240,169 @@ func TestHTTPClientConfig(t *testing.T) { TLSConfig: &tlsConfig{}, }, }, + { + name: "Test HTTP client config oauth2 proxyConfig fields dropped before v0.25.0", + in: &httpClientConfig{ + OAuth2: &oauth2{ + ClientID: "a", + ClientSecret: "b", + ClientSecretFile: "c", + TokenURL: "d", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + NoProxy: "http://proxy.io/", + ProxyFromEnvironment: true, + }, + }, + EnableHTTP2: ptr.To(false), + }, + againstVersion: httpConfigV25NotAllowed, + expect: httpClientConfig{ + OAuth2: &oauth2{ + ClientID: "a", + ClientSecret: "b", + ClientSecretFile: "c", + TokenURL: "d", + }, + }, + }, + { + name: "Test HTTP client config oauth2 proxyConfig fields", + in: &httpClientConfig{ + OAuth2: &oauth2{ + ClientID: "a", + ClientSecret: "b", + ClientSecretFile: "c", + TokenURL: "d", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + NoProxy: "http://proxy.io/", + ProxyFromEnvironment: true, + }, + }, + }, + againstVersion: httpConfigV25Allowed, + expect: httpClientConfig{ + OAuth2: &oauth2{ + ClientID: "a", + ClientSecret: "b", + ClientSecretFile: "c", + TokenURL: "d", + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com/", + NoProxy: "http://proxy.io/", + ProxyFromEnvironment: true, + }, + }, + }, + }, + { + name: "no_proxy and proxy_connect_header fields dropped before v0.26.0", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + NoProxy: "example.com", + ProxyConnectHeader: map[string][]string{ + "X-Foo": {"Bar"}, + }, + }, + }, + againstVersion: httpConfigV26NotAllowed, + expect: httpClientConfig{ + proxyConfig: proxyConfig{}, + }, + }, + { + name: "no_proxy/proxy_connect_header fields preserved after v0.26.0", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + NoProxy: "svc.cluster.local", + ProxyConnectHeader: map[string][]string{ + "X-Foo": {"Bar"}, + }, + }, + }, + againstVersion: httpConfigV26Allowed, + expect: httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + NoProxy: "svc.cluster.local", + ProxyConnectHeader: map[string][]string{ + "X-Foo": {"Bar"}, + }, + }, + }, + }, + { + name: "proxy_from_environment field dropped before v0.26.0", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyFromEnvironment: true, + }, + }, + againstVersion: httpConfigV26NotAllowed, + expect: httpClientConfig{ + proxyConfig: proxyConfig{}, + }, + }, + { + name: "proxy_from_environment field preserved after v0.26.0", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyFromEnvironment: true, + }, + }, + againstVersion: httpConfigV26Allowed, + expect: httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyFromEnvironment: true, + }, + }, + }, + { + name: "proxy_from_environment and proxy_url configured return an error", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyFromEnvironment: true, + ProxyURL: "http://example.com", + }, + }, + againstVersion: httpConfigV26Allowed, + expectErr: true, + }, + { + name: "proxy_from_environment and no_proxy configured return an error", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyFromEnvironment: true, + NoProxy: "svc.cluster.local", + }, + }, + againstVersion: httpConfigV26Allowed, + expectErr: true, + }, + { + name: "no_proxy configured alone returns an error", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + NoProxy: "svc.cluster.local", + }, + }, + againstVersion: httpConfigV26Allowed, + expectErr: true, + }, + { + name: "proxy_connect_header configured alone returns an error", + in: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyConnectHeader: map[string][]string{ + "X-Foo": {"Bar"}, + }, + }, + }, + againstVersion: httpConfigV26Allowed, + expectErr: true, + }, } { t.Run(tc.name, func(t *testing.T) { err := tc.in.sanitize(tc.againstVersion, logger) @@ -2986,7 +3417,7 @@ func TestHTTPClientConfig(t *testing.T) { } func TestTimeInterval(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3143,7 +3574,7 @@ func TestTimeInterval(t *testing.T) { } } func TestSanitizePushoverReceiverConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3263,7 +3694,7 @@ func TestSanitizePushoverReceiverConfig(t *testing.T) { } } func TestSanitizeEmailConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3370,7 +3801,7 @@ func TestSanitizeEmailConfig(t *testing.T) { } func TestSanitizeVictorOpsConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3477,7 +3908,7 @@ func TestSanitizeVictorOpsConfig(t *testing.T) { } func TestSanitizeWebhookConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3555,7 +3986,7 @@ func TestSanitizeWebhookConfig(t *testing.T) { } func TestSanitizePushoverConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3698,7 +4129,7 @@ func TestSanitizePushoverConfig(t *testing.T) { } func TestSanitizePagerDutyConfig(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) for _, tc := range []struct { name string @@ -3881,7 +4312,7 @@ func TestSanitizePagerDutyConfig(t *testing.T) { } func TestSanitizeRoute(t *testing.T) { - logger := log.NewNopLogger() + logger := newNopLogger(t) matcherV2SyntaxAllowed := semver.Version{Major: 0, Minor: 22} matcherV2SyntaxNotAllowed := semver.Version{Major: 0, Minor: 21} @@ -4126,9 +4557,105 @@ func TestLoadConfig(t *testing.T) { } } +func TestConvertHTTPConfig(t *testing.T) { + for _, tc := range []struct { + name string + cfg monitoringv1alpha1.HTTPConfig + + exp *httpClientConfig + }{ + { + name: "no proxy", + cfg: monitoringv1alpha1.HTTPConfig{}, + exp: &httpClientConfig{}, + }, + { + name: "proxyURL only", + cfg: monitoringv1alpha1.HTTPConfig{ + ProxyURLOriginal: ptr.To("http://example.com"), + }, + exp: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + }, + }, + }, + { + name: "proxyUrl only", + cfg: monitoringv1alpha1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://example.com"), + }, + }, + exp: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + }, + }, + }, + { + name: "proxyUrl and proxyURL", + cfg: monitoringv1alpha1.HTTPConfig{ + ProxyURLOriginal: ptr.To("http://example.com"), + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://bad.example.com"), + }, + }, + exp: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + }, + }, + }, + { + name: "proxyUrl and empty proxyURL", + cfg: monitoringv1alpha1.HTTPConfig{ + ProxyURLOriginal: ptr.To(""), + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://example.com"), + }, + }, + exp: &httpClientConfig{ + proxyConfig: proxyConfig{ + ProxyURL: "http://example.com", + }, + }, + }, + } { + t.Run(tc.name, func(t *testing.T) { + v, err := semver.ParseTolerant(operator.DefaultAlertmanagerVersion) + require.NoError(t, err) + + cb := newConfigBuilder( + newNopLogger(t), + v, + nil, + monitoringv1.AlertmanagerConfigMatcherStrategy{ + Type: monitoringv1.OnNamespaceConfigMatcherStrategyType, + }, + ) + + cfg, err := cb.convertHTTPConfig(context.Background(), &tc.cfg, types.NamespacedName{}) + require.NoError(t, err) + + require.Equal(t, tc.exp, cfg) + }) + } +} + func parseURL(t *testing.T, u string) *config.URL { t.Helper() url, err := url.Parse(u) require.NoError(t, err) return &config.URL{URL: url} } + +func newNopLogger(t *testing.T) *slog.Logger { + t.Helper() + return slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) +} diff --git a/pkg/alertmanager/operator.go b/pkg/alertmanager/operator.go index dad7791e05a..927687524e8 100644 --- a/pkg/alertmanager/operator.go +++ b/pkg/alertmanager/operator.go @@ -19,14 +19,12 @@ import ( "context" "errors" "fmt" + "log/slog" "path" - "regexp" "strings" "time" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/mitchellh/hashstructure" "github.com/prometheus/client_golang/prometheus" appsv1 "k8s.io/api/apps/v1" @@ -83,7 +81,7 @@ type Operator struct { controllerID string - logger log.Logger + logger *slog.Logger accessor *operator.Accessor nsAlrtInf cache.SharedIndexInformer @@ -106,9 +104,19 @@ type Operator struct { config Config } +type ControllerOption func(*Operator) + +// WithStorageClassValidation tells that the controller should verify that the +// Prometheus spec references a valid StorageClass name. +func WithStorageClassValidation() ControllerOption { + return func(o *Operator) { + o.canReadStorageClass = true + } +} + // New creates a new controller. -func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger log.Logger, r prometheus.Registerer, canReadStorageClass bool, erf operator.EventRecorderFactory) (*Operator, error) { - logger = log.With(logger, "component", controllerName) +func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger *slog.Logger, r prometheus.Registerer, options ...ControllerOption) (*Operator, error) { + logger = logger.With("component", controllerName) client, err := kubernetes.NewForConfig(restConfig) if err != nil { @@ -137,10 +145,9 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger logger: logger, accessor: operator.NewAccessor(logger), - metrics: operator.NewMetrics(r), - reconciliations: &operator.ReconciliationTracker{}, - eventRecorder: erf(client, controllerName), - canReadStorageClass: canReadStorageClass, + metrics: operator.NewMetrics(r), + reconciliations: &operator.ReconciliationTracker{}, + eventRecorder: c.EventRecorderFactory(client, controllerName), controllerID: c.ControllerID, @@ -153,20 +160,24 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger Labels: c.Labels, }, } + for _, opt := range options { + opt(o) + } + + if err := o.bootstrap(ctx, c); err != nil { + return nil, err + } o.rr = operator.NewResourceReconciler( o.logger, o, + o.alrtInfs, o.metrics, monitoringv1.AlertmanagersKind, r, o.controllerID, ) - if err := o.bootstrap(ctx, c); err != nil { - return nil, err - } - return o, nil } @@ -217,7 +228,8 @@ func (c *Operator) bootstrap(ctx context.Context, config operator.Config) error c.mdClient, resyncPeriod, func(options *metav1.ListOptions) { - options.FieldSelector = config.SecretListWatchSelector.String() + options.FieldSelector = config.SecretListWatchFieldSelector.String() + options.LabelSelector = config.SecretListWatchLabelSelector.String() }, ), v1.SchemeGroupVersion.WithResource("secrets"), @@ -255,7 +267,7 @@ func (c *Operator) bootstrap(ctx context.Context, config operator.Config) error return nil, fmt.Errorf("failed to create namespace lister/watcher: %w", err) } - level.Debug(c.logger).Log("msg", "creating namespace informer", "privileged", privileged) + c.logger.Debug("creating namespace informer", "privileged", privileged) return cache.NewSharedIndexInformer( o.metrics.NewInstrumentedListerWatcher(lw), &v1.Namespace{}, @@ -292,7 +304,7 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { {"StatefulSet", c.ssetInfs}, } { for _, inf := range infs.informersForResource.GetInformers() { - if !operator.WaitForNamedCacheSync(ctx, "alertmanager", log.With(c.logger, "informer", infs.name), inf.Informer()) { + if !operator.WaitForNamedCacheSync(ctx, "alertmanager", c.logger.With("informer", infs.name), inf.Informer()) { return fmt.Errorf("failed to sync cache for %s informer", infs.name) } } @@ -305,12 +317,12 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { {"AlertmanagerNamespace", c.nsAlrtInf}, {"AlertmanagerConfigNamespace", c.nsAlrtCfgInf}, } { - if !operator.WaitForNamedCacheSync(ctx, "alertmanager", log.With(c.logger, "informer", inf.name), inf.informer) { + if !operator.WaitForNamedCacheSync(ctx, "alertmanager", c.logger.With("informer", inf.name), inf.informer) { return fmt.Errorf("failed to sync cache for %s informer", inf.name) } } - level.Info(c.logger).Log("msg", "successfully synced all caches") + c.logger.Info("successfully synced all caches") return nil } @@ -351,16 +363,14 @@ func (c *Operator) addHandlers() { func (c *Operator) enqueueForNamespace(nsName string) { nsObject, exists, err := c.nsAlrtCfgInf.GetStore().GetByKey(nsName) if err != nil { - level.Error(c.logger).Log( - "msg", "get namespace to enqueue Alertmanager instances failed", + c.logger.Error( + "get namespace to enqueue Alertmanager instances failed", "err", err, ) return } if !exists { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("get namespace to enqueue Alertmanager instances failed: namespace %q does not exist", nsName), - ) + c.logger.Error(fmt.Sprintf("get namespace to enqueue Alertmanager instances failed: namespace %q does not exist", nsName)) return } ns := nsObject.(*v1.Namespace) @@ -377,8 +387,8 @@ func (c *Operator) enqueueForNamespace(nsName string) { // the namespace. acNSSelector, err := metav1.LabelSelectorAsSelector(am.Spec.AlertmanagerConfigNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert AlertmanagerConfigNamespaceSelector of %q to selector", am.Name), + c.logger.Error( + fmt.Sprintf("failed to convert AlertmanagerConfigNamespaceSelector of %q to selector", am.Name), "err", err, ) return @@ -390,8 +400,8 @@ func (c *Operator) enqueueForNamespace(nsName string) { } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Alertmanager instances from cache failed", + c.logger.Error( + "listing all Alertmanager instances from cache failed", "err", err, ) } @@ -436,7 +446,7 @@ func (c *Operator) Iterate(processFn func(metav1.Object, []monitoringv1.Conditio a := o.(*monitoringv1.Alertmanager) processFn(a, a.Status.Conditions) }); err != nil { - level.Error(c.logger).Log("msg", "failed to list Alertmanager objects", "err", err) + c.logger.Error("failed to list Alertmanager objects", "err", err) } } @@ -445,45 +455,6 @@ func (c *Operator) RefreshStatusFor(o metav1.Object) { c.rr.EnqueueForStatus(o) } -// Resolve implements the operator.Syncer interface. -func (c *Operator) Resolve(ss *appsv1.StatefulSet) metav1.Object { - key, ok := c.accessor.MetaNamespaceKey(ss) - if !ok { - return nil - } - - match, aKey := statefulSetKeyToAlertmanagerKey(key) - if !match { - level.Debug(c.logger).Log("msg", "StatefulSet key did not match an Alertmanager key format", "key", key) - return nil - } - - a, err := c.alrtInfs.Get(aKey) - if apierrors.IsNotFound(err) { - return nil - } - - if err != nil { - level.Error(c.logger).Log("msg", "Alertmanager lookup failed", "err", err) - return nil - } - - return a.(*monitoringv1.Alertmanager) -} - -func statefulSetKeyToAlertmanagerKey(key string) (bool, string) { - r := regexp.MustCompile("^(.+)/alertmanager-(.+)$") - - matches := r.FindAllStringSubmatch(key, 2) - if len(matches) != 1 { - return false, "" - } - if len(matches[0]) != 3 { - return false, "" - } - return true, matches[0][1] + "/" + matches[0][2] -} - func alertmanagerKeyToStatefulSetKey(key string) string { keyParts := strings.Split(key, "/") return keyParts[0] + "/alertmanager-" + keyParts[1] @@ -493,7 +464,7 @@ func (c *Operator) handleNamespaceUpdate(oldo, curo interface{}) { old := oldo.(*v1.Namespace) cur := curo.(*v1.Namespace) - level.Debug(c.logger).Log("msg", "update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) + c.logger.Debug("update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) // Periodic resync may resend the Namespace without changes // in-between. @@ -501,7 +472,7 @@ func (c *Operator) handleNamespaceUpdate(oldo, curo interface{}) { return } - level.Debug(c.logger).Log("msg", "Namespace updated", "namespace", cur.GetName()) + c.logger.Debug("Namespace updated", "namespace", cur.GetName()) c.metrics.TriggerByCounter("Namespace", operator.UpdateEvent).Inc() // Check for Alertmanager instances selecting AlertmanagerConfigs in the namespace. @@ -510,7 +481,8 @@ func (c *Operator) handleNamespaceUpdate(oldo, curo interface{}) { sync, err := k8sutil.LabelSelectionHasChanged(old.Labels, cur.Labels, a.Spec.AlertmanagerConfigNamespaceSelector) if err != nil { - level.Error(c.logger).Log( + c.logger.Error( + "failed to detect label selection change", "err", err, "name", a.Name, "namespace", a.Namespace, @@ -523,8 +495,8 @@ func (c *Operator) handleNamespaceUpdate(oldo, curo interface{}) { } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Alertmanager instances from cache failed", + c.logger.Error( + "listing all Alertmanager instances from cache failed", "err", err, ) } @@ -566,10 +538,10 @@ func (c *Operator) sync(ctx context.Context, key string) error { return nil } - logger := log.With(c.logger, "key", key) + logger := c.logger.With("key", key) logDeprecatedFields(logger, am) - level.Info(logger).Log("msg", "sync alertmanager") + logger.Info("sync alertmanager") if err := operator.CheckStorageClass(ctx, c.canReadStorageClass, c.kclient, am.Spec.Storage); err != nil { return err @@ -592,7 +564,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { // Create governing service if it doesn't exist. svcClient := c.kclient.CoreV1().Services(am.Namespace) - if err = k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(am, c.config)); err != nil { + if _, err = k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(am, c.config)); err != nil { return fmt.Errorf("synchronizing governing service failed: %w", err) } @@ -622,15 +594,15 @@ func (c *Operator) sync(ctx context.Context, key string) error { } operator.SanitizeSTS(sset) - if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[sSetInputHashName] { - level.Debug(logger).Log("msg", "new statefulset generation inputs match current, skipping any actions") + if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName] { + logger.Debug("new statefulset generation inputs match current, skipping any actions") return nil } ssetClient := c.kclient.AppsV1().StatefulSets(am.Namespace) if shouldCreate { - level.Debug(logger).Log("msg", "no current statefulset found") - level.Debug(logger).Log("msg", "creating statefulset") + logger.Debug("no current statefulset found") + logger.Debug("creating statefulset") if _, err := ssetClient.Create(ctx, sset, metav1.CreateOptions{}); err != nil { return fmt.Errorf("creating statefulset failed: %w", err) } @@ -649,7 +621,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { failMsg[i] = cause.Message } - level.Info(logger).Log("msg", "recreating Alertmanager StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) + logger.Info("recreating Alertmanager StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) propagationPolicy := metav1.DeletePropagationForeground if err := ssetClient.Delete(ctx, sset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { return fmt.Errorf("failed to delete StatefulSet to avoid forbidden action: %w", err) @@ -670,7 +642,7 @@ func (c *Operator) getAlertmanagerFromKey(key string) (*monitoringv1.Alertmanage obj, err := c.alrtInfs.Get(key) if err != nil { if apierrors.IsNotFound(err) { - level.Info(c.logger).Log("msg", "Alertmanager not found", "key", key) + c.logger.Info("Alertmanager not found", "key", key) return nil, nil } return nil, fmt.Errorf("failed to retrieve Alertmanager from informer: %w", err) @@ -688,7 +660,7 @@ func (c *Operator) getStatefulSetFromAlertmanagerKey(key string) (*appsv1.Statef obj, err := c.ssetInfs.Get(ssetName) if err != nil { if apierrors.IsNotFound(err) { - level.Info(c.logger).Log("msg", "StatefulSet not found", "key", ssetName) + c.logger.Info("StatefulSet not found", "key", ssetName) return nil, nil } return nil, fmt.Errorf("failed to retrieve StatefulSet from informer: %w", err) @@ -724,18 +696,38 @@ func (c *Operator) UpdateStatus(ctx context.Context, key string) error { return fmt.Errorf("failed to retrieve statefulset state: %w", err) } + selectorLabels := makeSelectorLabels(a.Name) + selector, err := metav1.LabelSelectorAsSelector(&metav1.LabelSelector{MatchLabels: selectorLabels}) + if err != nil { + return fmt.Errorf("failed to create selector for alertmanager scale status: %w", err) + } + + a.Status.Selector = selector.String() availableCondition := stsReporter.Update(a) reconciledCondition := c.reconciliations.GetCondition(key, a.Generation) a.Status.Conditions = operator.UpdateConditions(a.Status.Conditions, availableCondition, reconciledCondition) a.Status.Paused = a.Spec.Paused - if _, err = c.mclient.MonitoringV1().Alertmanagers(a.Namespace).ApplyStatus(ctx, ApplyConfigurationFromAlertmanager(a), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { - return fmt.Errorf("failed to apply status subresource: %w", err) + if _, err = c.mclient.MonitoringV1().Alertmanagers(a.Namespace).ApplyStatus(ctx, ApplyConfigurationFromAlertmanager(a, true), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { + c.logger.Info("failed to apply alertmanager status subresource, trying again without scale fields", "err", err) + // Try again, but this time does not update scale subresource. + if _, err = c.mclient.MonitoringV1().Alertmanagers(a.Namespace).ApplyStatus(ctx, ApplyConfigurationFromAlertmanager(a, false), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { + return fmt.Errorf("failed to apply alertmanager status subresource: %w", err) + } } return nil } +func makeSelectorLabels(name string) map[string]string { + return map[string]string{ + "app.kubernetes.io/name": "alertmanager", + "app.kubernetes.io/managed-by": "prometheus-operator", + "app.kubernetes.io/instance": name, + "alertmanager": name, + } +} + func createSSetInputHash(a monitoringv1.Alertmanager, c Config, tlsAssets *operator.ShardedSecret, s appsv1.StatefulSetSpec) (string, error) { var http2 *bool if a.Spec.Web != nil && a.Spec.Web.WebConfigFileFields.HTTPConfig != nil { @@ -784,8 +776,7 @@ receivers: // additional keys from the configured secret. If the secret doesn't exist or // the key isn't found, it will return a working minimal data. func (c *Operator) loadConfigurationFromSecret(ctx context.Context, am *monitoringv1.Alertmanager) ([]byte, map[string][]byte, error) { - namespacedLogger := log.With(c.logger, "alertmanager", am.Name, "namespace", am.Namespace) - + namespacedLogger := c.logger.With("alertmanager", am.Name, "namespace", am.Namespace) name := defaultConfigSecretName(am) // Tentatively retrieve the secret containing the user-provided Alertmanager @@ -793,7 +784,7 @@ func (c *Operator) loadConfigurationFromSecret(ctx context.Context, am *monitori secret, err := c.kclient.CoreV1().Secrets(am.Namespace).Get(ctx, name, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { - level.Info(namespacedLogger).Log("msg", "config secret not found, using default Alertmanager configuration", "secret", name) + namespacedLogger.Info("config secret not found, using default Alertmanager configuration", "secret", name) return defaultAlertmanagerConfiguration(), nil, nil } @@ -801,8 +792,7 @@ func (c *Operator) loadConfigurationFromSecret(ctx context.Context, am *monitori } if _, ok := secret.Data[alertmanagerConfigFile]; !ok { - level.Info(namespacedLogger). - Log("msg", "key not found in the config secret, using default Alertmanager configuration", "secret", name, "key", alertmanagerConfigFile) + namespacedLogger.Info("key not found in the config secret, using default Alertmanager configuration", "secret", name, "key", alertmanagerConfigFile) return defaultAlertmanagerConfiguration(), secret.Data, nil } @@ -810,8 +800,7 @@ func (c *Operator) loadConfigurationFromSecret(ctx context.Context, am *monitori delete(secret.Data, alertmanagerConfigFile) if len(rawAlertmanagerConfig) == 0 { - level.Info(namespacedLogger). - Log("msg", "empty configuration in the config secret, using default Alertmanager configuration", "secret", name, "key", alertmanagerConfigFile) + namespacedLogger.Info("empty configuration in the config secret, using default Alertmanager configuration", "secret", name, "key", alertmanagerConfigFile) rawAlertmanagerConfig = defaultAlertmanagerConfiguration() } @@ -819,14 +808,22 @@ func (c *Operator) loadConfigurationFromSecret(ctx context.Context, am *monitori } func (c *Operator) provisionAlertmanagerConfiguration(ctx context.Context, am *monitoringv1.Alertmanager, store *assets.StoreBuilder) error { - namespacedLogger := log.With(c.logger, "alertmanager", am.Name, "namespace", am.Namespace) + amVersion := operator.StringValOrDefault(am.Spec.Version, operator.DefaultAlertmanagerVersion) + version, err := semver.ParseTolerant(amVersion) + if err != nil { + return fmt.Errorf("failed to parse alertmanager version: %w", err) + } + if version.LT(semver.MustParse("0.15.0")) || version.Major > 0 { + return fmt.Errorf("unsupported Alertmanager version %q", amVersion) + } + + namespacedLogger := c.logger.With("alertmanager", am.Name, "namespace", am.Namespace) // If no AlertmanagerConfig selectors and AlertmanagerConfiguration are // configured, the user wants to manage configuration themselves. if am.Spec.AlertmanagerConfigSelector == nil && am.Spec.AlertmanagerConfiguration == nil { - level.Debug(namespacedLogger). - Log("msg", "AlertmanagerConfigSelector and AlertmanagerConfiguration not specified, using the configuration from secret as-is", - "secret", defaultConfigSecretName(am)) + namespacedLogger.Debug("AlertmanagerConfigSelector and AlertmanagerConfiguration not specified, using the configuration from secret as-is", + "secret", defaultConfigSecretName(am)) amRawConfiguration, additionalData, err := c.loadConfigurationFromSecret(ctx, am) if err != nil { @@ -841,12 +838,6 @@ func (c *Operator) provisionAlertmanagerConfiguration(ctx context.Context, am *m return nil } - amVersion := operator.StringValOrDefault(am.Spec.Version, operator.DefaultAlertmanagerVersion) - version, err := semver.ParseTolerant(amVersion) - if err != nil { - return fmt.Errorf("failed to parse alertmanager version: %w", err) - } - amConfigs, err := c.selectAlertmanagerConfigs(ctx, am, version, store) if err != nil { return fmt.Errorf("failed to select AlertmanagerConfig objects: %w", err) @@ -952,7 +943,7 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring if am.Spec.AlertmanagerConfigNamespaceSelector == nil { namespaces = append(namespaces, am.Namespace) - level.Debug(c.logger).Log("msg", "selecting AlertmanagerConfigs from alertmanager's namespace", "namespace", am.Namespace, "alertmanager", am.Name) + c.logger.Debug("selecting AlertmanagerConfigs from alertmanager's namespace", "namespace", am.Namespace, "alertmanager", am.Name) } else { amConfigNSSelector, err := metav1.LabelSelectorAsSelector(am.Spec.AlertmanagerConfigNamespaceSelector) if err != nil { @@ -966,7 +957,7 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring return nil, fmt.Errorf("failed to list namespaces: %w", err) } - level.Debug(c.logger).Log("msg", "filtering namespaces to select AlertmanagerConfigs from", "namespaces", strings.Join(namespaces, ","), "namespace", am.Namespace, "alertmanager", am.Name) + c.logger.Debug("filtering namespaces to select AlertmanagerConfigs from", "namespaces", strings.Join(namespaces, ","), "namespace", am.Namespace, "alertmanager", am.Name) } // Selected object might overlap, deduplicate them by `/`. @@ -980,14 +971,17 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring for _, ns := range namespaces { err := c.alrtCfgInfs.ListAllByNamespace(ns, amConfigSelector, func(obj interface{}) { k, ok := c.accessor.MetaNamespaceKey(obj) - if ok { - amConfig := obj.(*monitoringv1alpha1.AlertmanagerConfig) - // Add when it is not specified as the global AlertmanagerConfig - if am.Spec.AlertmanagerConfiguration == nil || - (amConfig.Namespace != am.Namespace || amConfig.Name != am.Spec.AlertmanagerConfiguration.Name) { - amConfigs[k] = amConfig - } + if !ok { + return + } + + amConfig := obj.(*monitoringv1alpha1.AlertmanagerConfig) + if am.Spec.AlertmanagerConfiguration != nil && amConfig.Namespace == am.Namespace && amConfig.Name == am.Spec.AlertmanagerConfiguration.Name { + // Skip the global AlertmanagerConfig object. + return } + + amConfigs[k] = amConfig }) if err != nil { return nil, fmt.Errorf("failed to list alertmanager configs in namespace %s: %w", ns, err) @@ -1000,8 +994,8 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring for namespaceAndName, amc := range amConfigs { if err := checkAlertmanagerConfigResource(ctx, amc, amVersion, store); err != nil { rejected++ - level.Warn(c.logger).Log( - "msg", "skipping alertmanagerconfig", + c.logger.Warn( + "skipping alertmanagerconfig", "error", err.Error(), "alertmanagerconfig", namespaceAndName, "namespace", am.Namespace, @@ -1018,7 +1012,7 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring for k := range res { amcKeys = append(amcKeys, k) } - level.Debug(c.logger).Log("msg", "selected AlertmanagerConfigs", "alertmanagerconfigs", strings.Join(amcKeys, ","), "namespace", am.Namespace, "prometheus", am.Name) + c.logger.Debug("selected AlertmanagerConfigs", "alertmanagerconfigs", strings.Join(amcKeys, ","), "namespace", am.Namespace, "prometheus", am.Name) if amKey, ok := c.accessor.MetaNamespaceKey(am); ok { c.metrics.SetSelectedResources(amKey, monitoringv1alpha1.AlertmanagerConfigKind, len(res)) @@ -1031,10 +1025,14 @@ func (c *Operator) selectAlertmanagerConfigs(ctx context.Context, am *monitoring // checkAlertmanagerConfigResource verifies that an AlertmanagerConfig object is valid // for the given Alertmanager version and has no missing references to other objects. func checkAlertmanagerConfigResource(ctx context.Context, amc *monitoringv1alpha1.AlertmanagerConfig, amVersion semver.Version, store *assets.StoreBuilder) error { + // Perform semantic validation irrespective of the Alertmanager version. if err := validationv1alpha1.ValidateAlertmanagerConfig(amc); err != nil { return err } + // Perform more specific validations which depend on the Alertmanager + // version. It also retrieves data from referenced secrets and configmaps + // (and fails in case of missing/invalid references). if err := checkReceivers(ctx, amc, store, amVersion); err != nil { return err } @@ -1068,6 +1066,7 @@ func checkRoute(ctx context.Context, route *monitoringv1alpha1.Route, amVersion return err } } + return nil } @@ -1090,6 +1089,16 @@ func checkHTTPConfig(hc *monitoringv1alpha1.HTTPConfig, amVersion semver.Version ) } + if (hc.NoProxy != nil || + hc.ProxyFromEnvironment != nil || + hc.ProxyConnectHeader != nil) && + amVersion.LT(semver.MustParse("0.25.0")) { + return fmt.Errorf( + "'ProxyConfig' config set in 'httpConfig' but supported in Alertmanager >= 0.25.0 only - current %s", + amVersion.String(), + ) + } + return nil } @@ -1604,6 +1613,10 @@ func configureHTTPConfigInStore(ctx context.Context, httpConfig *monitoringv1alp return err } + if err = store.AddProxyConfig(ctx, namespace, httpConfig.ProxyConfig); err != nil { + return err + } + return store.AddOAuth2(ctx, namespace, httpConfig.OAuth2) } @@ -1654,19 +1667,19 @@ func (c *Operator) createOrUpdateWebConfigSecret(ctx context.Context, a *monitor return nil } -func logDeprecatedFields(logger log.Logger, a *monitoringv1.Alertmanager) { +func logDeprecatedFields(logger *slog.Logger, a *monitoringv1.Alertmanager) { deprecationWarningf := "field %q is deprecated, field %q should be used instead" if a.Spec.BaseImage != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.baseImage", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.baseImage", "spec.image")) } if a.Spec.Tag != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.tag", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.tag", "spec.image")) } if a.Spec.SHA != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.sha", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.sha", "spec.image")) } } @@ -1679,7 +1692,7 @@ func ListOptions(name string) metav1.ListOptions { } } -func ApplyConfigurationFromAlertmanager(a *monitoringv1.Alertmanager) *monitoringv1ac.AlertmanagerApplyConfiguration { +func ApplyConfigurationFromAlertmanager(a *monitoringv1.Alertmanager, updateScaleSubresource bool) *monitoringv1ac.AlertmanagerApplyConfiguration { asac := monitoringv1ac.AlertmanagerStatus(). WithPaused(a.Status.Paused). WithReplicas(a.Status.Replicas). @@ -1687,6 +1700,10 @@ func ApplyConfigurationFromAlertmanager(a *monitoringv1.Alertmanager) *monitorin WithUpdatedReplicas(a.Status.UpdatedReplicas). WithUnavailableReplicas(a.Status.UnavailableReplicas) + if updateScaleSubresource { + asac = asac.WithSelector(a.Status.Selector) + } + for _, condition := range a.Status.Conditions { asac.WithConditions( monitoringv1ac.Condition(). diff --git a/pkg/alertmanager/operator_test.go b/pkg/alertmanager/operator_test.go index 96e4be81c09..e357d789c75 100644 --- a/pkg/alertmanager/operator_test.go +++ b/pkg/alertmanager/operator_test.go @@ -16,12 +16,11 @@ package alertmanager import ( "context" + "log/slog" "os" "testing" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" @@ -192,9 +191,9 @@ func TestCreateStatefulSetInputHash(t *testing.T) { // Test to exercise the function checkAlertmanagerConfigResource // and validate that semantic validation is in place for all the fields in the -// AlertmanagerConfig CR. The validation is preformed by the operator -// after selecting AlertmanagerConfig resources but before passing them to -// addAlertmanagerConfigs. +// AlertmanagerConfig CR. The validation is performed by the operator +// after selecting AlertmanagerConfig resources and before generating the +// Alertmanager configuration. func TestCheckAlertmanagerConfig(t *testing.T) { version, err := semver.ParseTolerant(operator.DefaultAlertmanagerVersion) require.NoError(t, err) @@ -959,15 +958,131 @@ func TestCheckAlertmanagerConfig(t *testing.T) { }, ok: true, }, + { + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "subroute-with-unknow-field", + Namespace: "ns1", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Route: &monitoringv1alpha1.Route{ + Receiver: "recv1", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"severity":"!=critical$"}]}`), + }, + }, + }, + Receivers: []monitoringv1alpha1.Receiver{{ + Name: "recv1", + }, { + Name: "recv2", + }}, + }, + }, + }, + { + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "subroute-with-invalid-matcher", + Namespace: "ns1", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Route: &monitoringv1alpha1.Route{ + Receiver: "recv1", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"name": "severity", "value": "critical", "matchType": "!!"}]}`), + }, + }, + }, + Receivers: []monitoringv1alpha1.Receiver{{ + Name: "recv1", + }, { + Name: "recv2", + }}, + }, + }, + }, + { + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "subroute-with-empty-matcher-name", + Namespace: "ns1", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Route: &monitoringv1alpha1.Route{ + Receiver: "recv1", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"name": "", "value": "critical", "matchType": "!="}]}`), + }, + }, + }, + Receivers: []monitoringv1alpha1.Receiver{{ + Name: "recv1", + }, { + Name: "recv2", + }}, + }, + }, + }, + { + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "subroute-with-missing-receiver", + Namespace: "ns1", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Route: &monitoringv1alpha1.Route{ + Receiver: "recv1", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"name": "severity", "value": "critical", "matchType": "!="}]}`), + }, + }, + }, + Receivers: []monitoringv1alpha1.Receiver{{ + Name: "recv1", + }}, + }, + }, + }, + { + amConfig: &monitoringv1alpha1.AlertmanagerConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "valid-subroute-definition", + Namespace: "ns1", + }, + Spec: monitoringv1alpha1.AlertmanagerConfigSpec{ + Route: &monitoringv1alpha1.Route{ + Receiver: "recv1", + Routes: []apiextensionsv1.JSON{ + { + Raw: []byte(`{"receiver": "recv2", "matchers": [{"name": "severity", "value": "critical", "matchType": "!="}]}`), + }, + }, + }, + Receivers: []monitoringv1alpha1.Receiver{{ + Name: "recv1", + }, { + Name: "recv2", + }}, + }, + }, + ok: true, + }, } { t.Run(tc.amConfig.Name, func(t *testing.T) { store := assets.NewStoreBuilder(c.CoreV1(), c.CoreV1()) + err := checkAlertmanagerConfigResource(context.Background(), tc.amConfig, version, store) if tc.ok { require.NoError(t, err) return } + t.Logf("err: %s", err) require.Error(t, err) }) } @@ -1218,7 +1333,7 @@ func TestProvisionAlertmanagerConfiguration(t *testing.T) { kclient: c, mclient: monitoringfake.NewSimpleClientset(), ssarClient: &alwaysAllowed{}, - logger: level.NewFilter(log.NewLogfmtLogger(os.Stdout), level.AllowInfo()), + logger: slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelInfo})), metrics: operator.NewMetrics(prometheus.NewRegistry()), } diff --git a/pkg/alertmanager/statefulset.go b/pkg/alertmanager/statefulset.go index ab6018efb21..a5aa5a994ec 100644 --- a/pkg/alertmanager/statefulset.go +++ b/pkg/alertmanager/statefulset.go @@ -16,13 +16,12 @@ package alertmanager import ( "fmt" + "log/slog" "net/url" "path" "strings" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -59,8 +58,6 @@ const ( alertmanagerConfigEnvsubstFilename = "alertmanager.env.yaml" alertmanagerStorageDir = "/alertmanager" - - sSetInputHashName = "prometheus-operator-input-hash" ) var ( @@ -68,7 +65,7 @@ var ( probeTimeoutSeconds int32 = 3 ) -func makeStatefulSet(logger log.Logger, am *monitoringv1.Alertmanager, config Config, inputHash string, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSet, error) { +func makeStatefulSet(logger *slog.Logger, am *monitoringv1.Alertmanager, config Config, inputHash string, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSet, error) { // TODO(fabxc): is this the right point to inject defaults? // Ideally we would do it before storing but that's currently not possible. // Potentially an update handler on first insertion. @@ -99,60 +96,50 @@ func makeStatefulSet(logger log.Logger, am *monitoringv1.Alertmanager, config Co return nil, err } - annotations := map[string]string{ - sSetInputHashName: inputHash, - } - - // do not transfer kubectl annotations to the statefulset so it is not - // pruned by kubectl - for key, value := range am.ObjectMeta.Annotations { - if key != sSetInputHashName && !strings.HasPrefix(key, "kubectl.kubernetes.io/") { - annotations[key] = value - } - } - - statefulset := &appsv1.StatefulSet{ - Spec: *spec, - } + statefulset := &appsv1.StatefulSet{Spec: *spec} operator.UpdateObject( statefulset, operator.WithName(prefixedName(am.Name)), - operator.WithAnnotations(annotations), + operator.WithInputHashAnnotation(inputHash), + operator.WithAnnotations(am.GetAnnotations()), operator.WithAnnotations(config.Annotations), - operator.WithLabels(am.Labels), + operator.WithLabels(am.GetLabels()), operator.WithLabels(config.Labels), operator.WithManagingOwner(am), + operator.WithoutKubectlAnnotations(), ) - if am.Spec.ImagePullSecrets != nil && len(am.Spec.ImagePullSecrets) > 0 { + if len(am.Spec.ImagePullSecrets) > 0 { statefulset.Spec.Template.Spec.ImagePullSecrets = am.Spec.ImagePullSecrets } storageSpec := am.Spec.Storage - if storageSpec == nil { + switch { + case storageSpec == nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(am.Name), VolumeSource: v1.VolumeSource{ EmptyDir: &v1.EmptyDirVolumeSource{}, }, }) - } else if storageSpec.EmptyDir != nil { - emptyDir := storageSpec.EmptyDir + + case storageSpec.EmptyDir != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(am.Name), VolumeSource: v1.VolumeSource{ - EmptyDir: emptyDir, + EmptyDir: storageSpec.EmptyDir, }, }) - } else if storageSpec.Ephemeral != nil { - ephemeral := storageSpec.Ephemeral + + case storageSpec.Ephemeral != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(am.Name), VolumeSource: v1.VolumeSource{ - Ephemeral: ephemeral, + Ephemeral: storageSpec.Ephemeral, }, }) - } else { + + default: // storageSpec.VolumeClaimTemplate pvcTemplate := operator.MakeVolumeClaimTemplate(storageSpec.VolumeClaimTemplate) if pvcTemplate.Name == "" { pvcTemplate.Name = volumeName(am.Name) @@ -218,7 +205,7 @@ func makeStatefulSetService(a *monitoringv1.Alertmanager, config Config) *v1.Ser return svc } -func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config Config, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSetSpec, error) { +func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, config Config, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSetSpec, error) { amVersion := operator.StringValOrDefault(a.Spec.Version, operator.DefaultAlertmanagerVersion) amImagePath, err := operator.BuildImagePath( ptr.Deref(a.Spec.Image, ""), @@ -363,12 +350,7 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config // We should try to avoid removing such immutable fields whenever possible since doing // so forces us to enter the 'recreate cycle' and can potentially lead to downtime. // The requirement to make a change here should be carefully evaluated. - podSelectorLabels := map[string]string{ - "app.kubernetes.io/name": "alertmanager", - "app.kubernetes.io/managed-by": "prometheus-operator", - "app.kubernetes.io/instance": a.Name, - "alertmanager": a.Name, - } + podSelectorLabels := makeSelectorLabels(a.GetObjectMeta().GetName()) if a.Spec.PodMetadata != nil { for k, v := range a.Spec.PodMetadata.Labels { podLabels[k] = v @@ -422,44 +404,10 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config }, ports...) } - // Adjust Alertmanager command line args to specified AM version - // - // Alertmanager versions < v0.15.0 are only supported on a best effort basis - // starting with Prometheus Operator v0.30.0. - switch version.Major { - case 0: - if version.Minor < 15 { - for i := range amArgs { - // below Alertmanager v0.15.0 peer address port specification is not necessary - if strings.Contains(amArgs[i], "--cluster.peer") { - amArgs[i] = strings.TrimSuffix(amArgs[i], ":9094") - } - - // below Alertmanager v0.15.0 high availability flags are prefixed with 'mesh' instead of 'cluster' - amArgs[i] = strings.Replace(amArgs[i], "--cluster.", "--mesh.", 1) - } - } else { - // reconnect-timeout was added in 0.15 (https://github.com/prometheus/alertmanager/pull/1384) - // Override default 6h value to allow AlertManager cluster to - // quickly remove a cluster member after its pod restarted or during a - // regular rolling update. - amArgs = append(amArgs, "--cluster.reconnect-timeout=5m") - } - if version.Minor < 13 { - for i := range amArgs { - // below Alertmanager v0.13.0 all flags are with single dash. - amArgs[i] = strings.Replace(amArgs[i], "--", "-", 1) - } - } - if version.Minor < 7 { - // below Alertmanager v0.7.0 the flag 'web.route-prefix' does not exist - amArgs = filter(amArgs, func(s string) bool { - return !strings.Contains(s, "web.route-prefix") - }) - } - default: - return nil, fmt.Errorf("unsupported Alertmanager major version %s", version) - } + // Override default 6h value to allow AlertManager cluster to + // quickly remove a cluster member after its pod restarted or during a + // regular rolling update. + amArgs = append(amArgs, "--cluster.reconnect-timeout=5m") volumes := []v1.Volume{ { @@ -532,7 +480,7 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config for _, v := range amCfg.Templates { if v.ConfigMap != nil { if keys.Has(v.ConfigMap.Key) { - level.Debug(logger).Log("msg", fmt.Sprintf("skipping %q due to duplicate key %q", v.ConfigMap.Key, v.ConfigMap.Name)) + logger.Debug(fmt.Sprintf("skipping %q due to duplicate key %q", v.ConfigMap.Key, v.ConfigMap.Name)) continue } sources = append(sources, v1.VolumeProjection{ @@ -550,7 +498,7 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config } if v.Secret != nil { if keys.Has(v.Secret.Key) { - level.Debug(logger).Log("msg", fmt.Sprintf("skipping %q due to duplicate key %q", v.Secret.Key, v.Secret.Name)) + logger.Debug(fmt.Sprintf("skipping %q due to duplicate key %q", v.Secret.Key, v.Secret.Name)) continue } sources = append(sources, v1.VolumeProjection{ @@ -767,12 +715,12 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config return nil, fmt.Errorf("failed to merge init containers spec: %w", err) } - // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 - // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - return &appsv1.StatefulSetSpec{ - ServiceName: governingServiceName, - Replicas: a.Spec.Replicas, - MinReadySeconds: minReadySeconds, + spec := appsv1.StatefulSetSpec{ + ServiceName: governingServiceName, + Replicas: a.Spec.Replicas, + MinReadySeconds: minReadySeconds, + // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 + // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations PodManagementPolicy: appsv1.ParallelPodManagement, UpdateStrategy: appsv1.StatefulSetUpdateStrategy{ Type: appsv1.RollingUpdateStatefulSetStrategyType, @@ -801,7 +749,11 @@ func makeStatefulSetSpec(logger log.Logger, a *monitoringv1.Alertmanager, config HostAliases: operator.MakeHostAliases(a.Spec.HostAliases), }, }, - }, nil + } + + k8sutil.UpdateDNSPolicy(&spec.Template.Spec, a.Spec.DNSPolicy) + k8sutil.UpdateDNSConfig(&spec.Template.Spec, a.Spec.DNSConfig) + return &spec, nil } func defaultConfigSecretName(am *monitoringv1.Alertmanager) string { @@ -840,13 +792,3 @@ func subPathForStorage(s *monitoringv1.StorageSpec) string { return "alertmanager-db" } - -func filter(strings []string, f func(string) bool) []string { - filteredStrings := make([]string, 0) - for _, s := range strings { - if f(s) { - filteredStrings = append(filteredStrings, s) - } - } - return filteredStrings -} diff --git a/pkg/alertmanager/statefulset_test.go b/pkg/alertmanager/statefulset_test.go index f7bfd954b61..55200de26f2 100644 --- a/pkg/alertmanager/statefulset_test.go +++ b/pkg/alertmanager/statefulset_test.go @@ -16,6 +16,9 @@ package alertmanager import ( "fmt" + "log/slog" + "math" + "os" "strings" "testing" @@ -27,6 +30,7 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "github.com/prometheus-operator/prometheus-operator/pkg/operator" @@ -1200,8 +1204,15 @@ func TestMakeStatefulSetSpecTemplatesUniqueness(t *testing.T) { }, } + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) + for _, test := range tt { - statefulSpec, err := makeStatefulSetSpec(log.NewNopLogger(), &test.a, defaultTestConfig, &operator.ShardedSecret{}) + statefulSpec, err := makeStatefulSetSpec(logger, &test.a, defaultTestConfig, &operator.ShardedSecret{}) require.NoError(t, err) volumes := statefulSpec.Template.Spec.Volumes for _, volume := range volumes { @@ -1270,3 +1281,36 @@ func TestEnableFeatures(t *testing.T) { }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + sset, err := makeStatefulSet(nil, &monitoringv1.Alertmanager{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.AlertmanagerSpec{ + DNSPolicy: ptr.To(monitoringv1.DNSClusterFirst), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + }, defaultTestConfig, "", &operator.ShardedSecret{}) + require.NoError(t, err) + + require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected dns policy to match") + require.Equal(t, + &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []v1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, sset.Spec.Template.Spec.DNSConfig, "expected dns configuration to match") +} diff --git a/pkg/alertmanager/types.go b/pkg/alertmanager/types.go index 3515e7ec3d5..d768433374c 100644 --- a/pkg/alertmanager/types.go +++ b/pkg/alertmanager/types.go @@ -207,10 +207,18 @@ type httpClientConfig struct { OAuth2 *oauth2 `yaml:"oauth2,omitempty"` BearerToken string `yaml:"bearer_token,omitempty"` BearerTokenFile string `yaml:"bearer_token_file,omitempty"` - ProxyURL string `yaml:"proxy_url,omitempty"` TLSConfig *tlsConfig `yaml:"tls_config,omitempty"` FollowRedirects *bool `yaml:"follow_redirects,omitempty"` EnableHTTP2 *bool `yaml:"enable_http2,omitempty"` + + proxyConfig `yaml:",inline"` +} + +type proxyConfig struct { + ProxyURL string `yaml:"proxy_url,omitempty"` + NoProxy string `yaml:"no_proxy,omitempty"` + ProxyFromEnvironment bool `yaml:"proxy_from_environment,omitempty"` + ProxyConnectHeader map[string][]string `yaml:"proxy_connect_header,omitempty"` } type tlsConfig struct { @@ -242,7 +250,7 @@ type oauth2 struct { Scopes []string `yaml:"scopes,omitempty"` TokenURL string `yaml:"token_url"` EndpointParams map[string]string `yaml:"endpoint_params,omitempty"` - ProxyURL string `yaml:"proxy_url,omitempty"` + proxyConfig `yaml:",inline"` TLSConfig *tlsConfig `yaml:"tls_config,omitempty"` } diff --git a/pkg/alertmanager/validation/v1alpha1/validation.go b/pkg/alertmanager/validation/v1alpha1/validation.go index 74efafc5369..c50a3db3eee 100644 --- a/pkg/alertmanager/validation/v1alpha1/validation.go +++ b/pkg/alertmanager/validation/v1alpha1/validation.go @@ -42,7 +42,7 @@ func ValidateAlertmanagerConfig(amc *monitoringv1alpha1.AlertmanagerConfig) erro return err } - return validateAlertManagerRoutes(amc.Spec.Route, receivers, muteTimeIntervals, true) + return validateRoute(amc.Spec.Route, receivers, muteTimeIntervals, true) } func validateReceivers(receivers []monitoringv1alpha1.Receiver) (map[string]struct{}, error) { @@ -345,10 +345,11 @@ func validateMSTeamsConfigs(configs []monitoringv1alpha1.MSTeamsConfig) error { return nil } -// validateAlertManagerRoutes verifies that the given route and all its children are semantically valid. -// because of the self-referential issues mentioned in https://github.com/kubernetes/kubernetes/issues/62872 -// it is not currently possible to apply OpenAPI validation to a v1alpha1.Route. -func validateAlertManagerRoutes(r *monitoringv1alpha1.Route, receivers, muteTimeIntervals map[string]struct{}, topLevelRoute bool) error { +// validateRoute verifies that the given route and all its children are +// semantically valid. because of the self-referential issues mentioned in +// https://github.com/kubernetes/kubernetes/issues/62872 it is not currently +// possible to apply OpenAPI validation to a v1alpha1.Route. +func validateRoute(r *monitoringv1alpha1.Route, receivers, muteTimeIntervals map[string]struct{}, topLevelRoute bool) error { if r == nil { return nil } @@ -388,7 +389,6 @@ func validateAlertManagerRoutes(r *monitoringv1alpha1.Route, receivers, muteTime } } - // validate that if defaults are set, they match regex if r.GroupInterval != "" && !durationRe.MatchString(r.GroupInterval) { return fmt.Errorf("groupInterval %s does not match required regex: %s", r.GroupInterval, durationRe.String()) @@ -401,13 +401,20 @@ func validateAlertManagerRoutes(r *monitoringv1alpha1.Route, receivers, muteTime return fmt.Errorf("repeatInterval %s does not match required regex: %s", r.RepeatInterval, durationRe.String()) } + for i, m := range r.Matchers { + if err := m.Validate(); err != nil { + return fmt.Errorf("matcher[%d]: %w", i, err) + } + } + + // Unmarshal the child routes and validate them recursively. children, err := r.ChildRoutes() if err != nil { return err } for i := range children { - if err := validateAlertManagerRoutes(&children[i], receivers, muteTimeIntervals, false); err != nil { + if err := validateRoute(&children[i], receivers, muteTimeIntervals, false); err != nil { return fmt.Errorf("route[%d]: %w", i, err) } } diff --git a/pkg/alertmanager/validation/v1beta1/validation.go b/pkg/alertmanager/validation/v1beta1/validation.go index 4024adada1d..77a23a3a98f 100644 --- a/pkg/alertmanager/validation/v1beta1/validation.go +++ b/pkg/alertmanager/validation/v1beta1/validation.go @@ -42,7 +42,7 @@ func ValidateAlertmanagerConfig(amc *monitoringv1beta1.AlertmanagerConfig) error return err } - return validateAlertManagerRoutes(amc.Spec.Route, receivers, timeIntervals, true) + return validateRoute(amc.Spec.Route, receivers, timeIntervals, true) } func validateReceivers(receivers []monitoringv1beta1.Receiver) (map[string]struct{}, error) { @@ -346,10 +346,11 @@ func validateMSTeamsConfigs(configs []monitoringv1beta1.MSTeamsConfig) error { return nil } -// validateAlertManagerRoutes verifies that the given route and all its children are semantically valid. -// because of the self-referential issues mentioned in https://github.com/kubernetes/kubernetes/issues/62872 -// it is not currently possible to apply OpenAPI validation to a v1beta1.Route. -func validateAlertManagerRoutes(r *monitoringv1beta1.Route, receivers, timeIntervals map[string]struct{}, topLevelRoute bool) error { +// validateRoute verifies that the given route and all its children are +// semantically valid. because of the self-referential issues mentioned in +// https://github.com/kubernetes/kubernetes/issues/62872 it is not currently +// possible to apply OpenAPI validation to a v1beta1.Route. +func validateRoute(r *monitoringv1beta1.Route, receivers, timeIntervals map[string]struct{}, topLevelRoute bool) error { if r == nil { return nil } @@ -389,7 +390,6 @@ func validateAlertManagerRoutes(r *monitoringv1beta1.Route, receivers, timeInter } } - // validate that if defaults are set, they match regex if r.GroupInterval != "" && !durationRe.MatchString(r.GroupInterval) { return fmt.Errorf("groupInterval %s does not match required regex: %s", r.GroupInterval, durationRe.String()) @@ -402,13 +402,20 @@ func validateAlertManagerRoutes(r *monitoringv1beta1.Route, receivers, timeInter return fmt.Errorf("repeatInterval %s does not match required regex: %s", r.RepeatInterval, durationRe.String()) } + for i, v := range r.Matchers { + if err := v.Validate(); err != nil { + return fmt.Errorf("matcher[%d]: %w", i, err) + } + } + + // Unmarshal the child routes and validate them recursively. children, err := r.ChildRoutes() if err != nil { return err } for i := range children { - if err := validateAlertManagerRoutes(&children[i], receivers, timeIntervals, false); err != nil { + if err := validateRoute(&children[i], receivers, timeIntervals, false); err != nil { return fmt.Errorf("route[%d]: %w", i, err) } } diff --git a/pkg/apis/monitoring/go.mod b/pkg/apis/monitoring/go.mod index 95164dc08d2..aefc3743124 100644 --- a/pkg/apis/monitoring/go.mod +++ b/pkg/apis/monitoring/go.mod @@ -1,31 +1,31 @@ module github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring -go 1.22.0 +go 1.23 -toolchain go1.22.2 +toolchain go1.23.1 require ( - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - sigs.k8s.io/controller-runtime v0.18.4 + k8s.io/api v0.31.2 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.2 + sigs.k8s.io/controller-runtime v0.19.0 ) require ( - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/text v0.16.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/text v0.18.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/pkg/apis/monitoring/go.sum b/pkg/apis/monitoring/go.sum index b43358dccf4..1f1bb06e85e 100644 --- a/pkg/apis/monitoring/go.sum +++ b/pkg/apis/monitoring/go.sum @@ -2,6 +2,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -28,14 +30,16 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -47,8 +51,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -57,8 +61,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -77,21 +81,21 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= +k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= +k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= +k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/apis/monitoring/v1/alertmanager_types.go b/pkg/apis/monitoring/v1/alertmanager_types.go index f99dedf4365..a3e99d5851f 100644 --- a/pkg/apis/monitoring/v1/alertmanager_types.go +++ b/pkg/apis/monitoring/v1/alertmanager_types.go @@ -37,8 +37,15 @@ const ( // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" // +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 // +kubebuilder:subresource:status +// +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.selector +// +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale +// +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale -// Alertmanager describes an Alertmanager cluster. +// The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. +// +// For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. +// +// The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. type Alertmanager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -170,6 +177,14 @@ type AlertmanagerSpec struct { // SecurityContext holds pod-level security attributes and common container settings. // This defaults to the default PodSecurityContext. SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` // ServiceAccountName is the name of the ServiceAccount to use to run the // Prometheus Pods. ServiceAccountName string `json:"serviceAccountName,omitempty"` @@ -222,12 +237,14 @@ type AlertmanagerSpec struct { ForceEnableClusterMode bool `json:"forceEnableClusterMode,omitempty"` // AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. AlertmanagerConfigSelector *metav1.LabelSelector `json:"alertmanagerConfigSelector,omitempty"` - // The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. - // In the future more options may be added. - AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` // Namespaces to be selected for AlertmanagerConfig discovery. If nil, only // check own namespace. AlertmanagerConfigNamespaceSelector *metav1.LabelSelector `json:"alertmanagerConfigNamespaceSelector,omitempty"` + + // AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + // process incoming alerts. + AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` + // Minimum number of seconds for which a newly created pod should be ready // without any of its container crashing for it to be considered available. // Defaults to 0 (pod will be considered available as soon as it is ready) @@ -263,16 +280,31 @@ type AlertmanagerSpec struct { EnableFeatures []string `json:"enableFeatures,omitempty"` } -// AlertmanagerConfigMatcherStrategy defines the strategy used by AlertmanagerConfig objects to match alerts. type AlertmanagerConfigMatcherStrategy struct { - // If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. - // `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. - // Default is `OnNamespace`. + // AlertmanagerConfigMatcherStrategyType defines the strategy used by + // AlertmanagerConfig objects to match alerts in the routes and inhibition + // rules. + // + // The default value is `OnNamespace`. + // // +kubebuilder:validation:Enum="OnNamespace";"None" // +kubebuilder:default:="OnNamespace" - Type string `json:"type,omitempty"` + Type AlertmanagerConfigMatcherStrategyType `json:"type,omitempty"` } +type AlertmanagerConfigMatcherStrategyType string + +const ( + // With `OnNamespace`, the route and inhibition rules of an + // AlertmanagerConfig object only process alerts that have a `namespace` + // label equal to the namespace of the object. + OnNamespaceConfigMatcherStrategyType AlertmanagerConfigMatcherStrategyType = "OnNamespace" + + // With `None`, the route and inhbition rules of an AlertmanagerConfig + // object process all incoming alerts. + NoneConfigMatcherStrategyType AlertmanagerConfigMatcherStrategyType = "None" +) + // AlertmanagerConfiguration defines the Alertmanager configuration. // +k8s:openapi-gen=true type AlertmanagerConfiguration struct { @@ -336,6 +368,8 @@ type AlertmanagerStatus struct { AvailableReplicas int32 `json:"availableReplicas"` // Total number of unavailable pods targeted by this Alertmanager object. UnavailableReplicas int32 `json:"unavailableReplicas"` + // The selector used to match the pods targeted by this Alertmanager object. + Selector string `json:"selector,omitempty"` // The current state of the Alertmanager object. // +listType=map // +listMapKey=type @@ -439,9 +473,9 @@ type HTTPConfig struct { // TLS configuration for the client. // +optional TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` - // Optional proxy URL. - // +optional - ProxyURL string `json:"proxyURL,omitempty"` + + ProxyConfig `json:",inline"` + // FollowRedirects specifies whether the client should follow HTTP 3xx redirects. // +optional FollowRedirects *bool `json:"followRedirects,omitempty"` diff --git a/pkg/apis/monitoring/v1/dns_types.go b/pkg/apis/monitoring/v1/dns_types.go new file mode 100644 index 00000000000..a4731458b7a --- /dev/null +++ b/pkg/apis/monitoring/v1/dns_types.go @@ -0,0 +1,82 @@ +// Copyright 2024 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package v1 + +// PodDNSConfig defines the DNS parameters of a pod in addition to +// those generated from DNSPolicy. +type PodDNSConfig struct { + // A list of DNS name server IP addresses. + // This will be appended to the base nameservers generated from DNSPolicy. + // +kubebuilder:validation:Optional + // +listType:=set + // +kubebuilder:validation:items:MinLength:=1 + Nameservers []string `json:"nameservers,omitempty"` + + // A list of DNS search domains for host-name lookup. + // This will be appended to the base search paths generated from DNSPolicy. + // +kubebuilder:validation:Optional + // +listType:=set + // +kubebuilder:validation:items:MinLength:=1 + Searches []string `json:"searches,omitempty"` + + // A list of DNS resolver options. + // This will be merged with the base options generated from DNSPolicy. + // Resolution options given in Options + // will override those that appear in the base DNSPolicy. + // +kubebuilder:validation:Optional + // +listType=map + // +listMapKey=name + Options []PodDNSConfigOption `json:"options,omitempty"` +} + +// PodDNSConfigOption defines DNS resolver options of a pod. +type PodDNSConfigOption struct { + // Name is required and must be unique. + // +kubebuilder:validation:MinLength=1 + Name string `json:"name"` + + // Value is optional. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty"` +} + +// DNSPolicy specifies the DNS policy for the pod. +// +kubebuilder:validation:Enum=ClusterFirstWithHostNet;ClusterFirst;Default;None +type DNSPolicy string + +const ( + // DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS + // first, if it is available, then fall back on the default + // (as determined by kubelet) DNS settings. + DNSClusterFirstWithHostNet DNSPolicy = "ClusterFirstWithHostNet" + + // DNSClusterFirst indicates that the pod should use cluster DNS + // first unless hostNetwork is true, if it is available, then + // fall back on the default (as determined by kubelet) DNS settings. + DNSClusterFirst DNSPolicy = "ClusterFirst" + + // DNSDefault indicates that the pod should use the default (as + // determined by kubelet) DNS settings. + DNSDefault DNSPolicy = "Default" + + // DNSNone indicates that the pod should use empty DNS settings. DNS + // parameters such as nameservers and search paths should be defined via + // DNSConfig. + DNSNone DNSPolicy = "None" +) + +const ( +// DefaultTerminationGracePeriodSeconds indicates the default duration in +// seconds a pod needs to terminate gracefully. +) diff --git a/pkg/apis/monitoring/v1/podmonitor_types.go b/pkg/apis/monitoring/v1/podmonitor_types.go index aa021750111..a6e2c1605df 100644 --- a/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/pkg/apis/monitoring/v1/podmonitor_types.go @@ -31,7 +31,14 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="pmon" -// PodMonitor defines monitoring for a set of pods. +// The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. +// Among other things, it allows to specify: +// * The pods to scrape via label selectors. +// * The container ports to scrape. +// * Authentication credentials to use. +// * Target and metric relabeling. +// +// `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. type PodMonitor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -64,15 +71,15 @@ type PodMonitorSpec struct { // PodTargetLabels []string `json:"podTargetLabels,omitempty"` - // List of endpoints part of this PodMonitor. + // Defines how to scrape metrics from the selected pods. // // +optional PodMetricsEndpoints []PodMetricsEndpoint `json:"podMetricsEndpoints"` - // Label selector to select the Kubernetes `Pod` objects. + // Label selector to select the Kubernetes `Pod` objects to scrape metrics from. Selector metav1.LabelSelector `json:"selector"` - // Selector to select which namespaces the Kubernetes `Pods` objects - // are discovered from. + // `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + // By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` // `sampleLimit` defines a per-scrape limit on the number of scraped samples @@ -116,6 +123,9 @@ type PodMonitorSpec struct { // // +optional LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + + NativeHistogramConfig `json:",inline"` + // Per-scrape limit on the number of targets dropped by relabeling // that will be kept in memory. 0 means no limit. // @@ -127,7 +137,7 @@ type PodMonitorSpec struct { // `attachMetadata` defines additional metadata which is added to the // discovered targets. // - // It requires Prometheus >= v2.37.0. + // It requires Prometheus >= v2.35.0. // // +optional AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` diff --git a/pkg/apis/monitoring/v1/probe_types.go b/pkg/apis/monitoring/v1/probe_types.go index 4e8427c6c2a..16c927ad60c 100644 --- a/pkg/apis/monitoring/v1/probe_types.go +++ b/pkg/apis/monitoring/v1/probe_types.go @@ -30,7 +30,13 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="prb" -// Probe defines monitoring for a set of static targets or ingresses. +// The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). +// +// The `Probe` resource needs 2 pieces of information: +// * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. +// * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. +// +// `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. type Probe struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -106,6 +112,8 @@ type ProbeSpec struct { // Only valid in Prometheus versions 2.27.0 and newer. // +optional LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + + NativeHistogramConfig `json:",inline"` // Per-scrape limit on the number of targets dropped by relabeling // that will be kept in memory. 0 means no limit. // diff --git a/pkg/apis/monitoring/v1/prometheus_types.go b/pkg/apis/monitoring/v1/prometheus_types.go index e22d785fbd6..406613435e2 100644 --- a/pkg/apis/monitoring/v1/prometheus_types.go +++ b/pkg/apis/monitoring/v1/prometheus_types.go @@ -41,6 +41,15 @@ const ( // +kubebuilder:validation:Enum=PrometheusProto;OpenMetricsText0.0.1;OpenMetricsText1.0.0;PrometheusText0.0.4 type ScrapeProtocol string +// RuntimeConfig configures the values for the process behavior. +type RuntimeConfig struct { + // The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + // See: https://tip.golang.org/doc/gc-guide#GOGC + // +optional + // +kubebuilder:validation:Minimum=-1 + GoGC *int32 `json:"goGC,omitempty"` +} + // PrometheusInterface is used by Prometheus and PrometheusAgent to share common methods, e.g. config generation. // +k8s:deepcopy-gen=false type PrometheusInterface interface { @@ -298,6 +307,16 @@ type CommonPrometheusFields struct { // It requires Prometheus >= v2.33.0. EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"` + // List of the protobuf message versions to accept when receiving the + // remote writes. + // + // It requires Prometheus >= v2.54.0. + // + // +kubebuilder:validation:MinItems=1 + // +listType:=set + // +optional + RemoteWriteReceiverMessageVersions []RemoteWriteMessageVersion `json:"remoteWriteReceiverMessageVersions,omitempty"` + // Enable access to Prometheus feature flags. By default, no features are enabled. // // Enabling features which are disabled by default is entirely outside the @@ -368,6 +387,7 @@ type CommonPrometheusFields struct { // object, which shall be mounted into the Prometheus Pods. // Each Secret is added to the StatefulSet definition as a volume named `secret-`. // The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. + // +listType:=set Secrets []string `json:"secrets,omitempty"` // ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus // object, which shall be mounted into the Prometheus Pods. @@ -390,11 +410,25 @@ type CommonPrometheusFields struct { // +optional RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // Settings related to the OTLP receiver feature. + // It requires Prometheus >= v2.55.0. + // + // +optional + OTLP *OTLPConfig `json:"otlp,omitempty"` + // SecurityContext holds pod-level security attributes and common container settings. // This defaults to the default PodSecurityContext. // +optional SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` // When true, the Prometheus server listens on the loopback address // instead of the Pod IP's address. ListenLocal bool `json:"listenLocal,omitempty"` @@ -676,7 +710,8 @@ type CommonPrometheusFields struct { // it (https://kubernetes.io/docs/concepts/configuration/overview/). // // When hostNetwork is enabled, this will set the DNS policy to - // `ClusterFirstWithHostNet` automatically. + // `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set + // to a different value). HostNetwork bool `json:"hostNetwork,omitempty"` // PodTargetLabels are appended to the `spec.podTargetLabels` field of all @@ -771,6 +806,21 @@ type CommonPrometheusFields struct { // +listType=map // +listMapKey=name ScrapeClasses []ScrapeClass `json:"scrapeClasses,omitempty"` + + // Defines the service discovery role used to discover targets from + // `ServiceMonitor` objects and Alertmanager endpoints. + // + // If set, the value should be either "Endpoints" or "EndpointSlice". + // If unset, the operator assumes the "Endpoints" role. + // + // +optional + ServiceDiscoveryRole *ServiceDiscoveryRole `json:"serviceDiscoveryRole,omitempty"` + + // Defines the runtime reloadable configuration of the timeseries database(TSDB). + // It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + // + // +optional + TSDB *TSDBSpec `json:"tsdb,omitempty"` } // +kubebuilder:validation:Enum=HTTP;ProcessSignal @@ -784,6 +834,14 @@ const ( ProcessSignalReloadStrategyType ReloadStrategyType = "ProcessSignal" ) +// +kubebuilder:validation:Enum=Endpoints;EndpointSlice +type ServiceDiscoveryRole string + +const ( + EndpointsRole ServiceDiscoveryRole = "Endpoints" + EndpointSliceRole ServiceDiscoveryRole = "EndpointSlice" +) + func (cpf *CommonPrometheusFields) PrometheusURIScheme() string { if cpf.Web != nil && cpf.Web.TLSConfig != nil { return "https" @@ -815,7 +873,13 @@ func (cpf *CommonPrometheusFields) WebRoutePrefix() string { // +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale // +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale -// Prometheus defines a Prometheus deployment. +// The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. +// +// For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. +// +// The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. +// +// The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. type Prometheus struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -855,6 +919,10 @@ func (l *PrometheusList) DeepCopyObject() runtime.Object { type PrometheusSpec struct { CommonPrometheusFields `json:",inline"` + // RuntimeConfig configures the values for the Prometheus process behavior + // +optional + Runtime *RuntimeConfig `json:"runtime,omitempty"` + // Deprecated: use 'spec.image' instead. BaseImage string `json:"baseImage,omitempty"` // Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name. @@ -969,6 +1037,11 @@ type PrometheusSpec struct { // +kubebuilder:default:="30s" EvaluationInterval Duration `json:"evaluationInterval,omitempty"` + // Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + // It requires Prometheus >= v2.53.0. + // +optional + RuleQueryOffset *Duration `json:"ruleQueryOffset,omitempty"` + // Enables access to the Prometheus web admin API. // // WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, @@ -979,10 +1052,6 @@ type PrometheusSpec struct { // For more information: // https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis EnableAdminAPI bool `json:"enableAdminAPI,omitempty"` - - // Defines the runtime reloadable configuration of the timeseries database - // (TSDB). - TSDB TSDBSpec `json:"tsdb,omitempty"` } type PrometheusTracingConfig struct { @@ -1060,7 +1129,7 @@ type PrometheusStatus struct { // AlertingSpec defines parameters for alerting configuration of Prometheus servers. // +k8s:openapi-gen=true type AlertingSpec struct { - // AlertmanagerEndpoints Prometheus should fire alerts against. + // Alertmanager endpoints where Prometheus should send alerts to. Alertmanagers []AlertmanagerEndpoints `json:"alertmanagers"` } @@ -1279,6 +1348,8 @@ type ThanosSpec struct { // +k8s:openapi-gen=true type RemoteWriteSpec struct { // The URL of the endpoint to send samples to. + // +kubebuilder:validation:MinLength=1 + // +required URL string `json:"url"` // The name of the remote write queue, it must be unique if specified. The @@ -1286,10 +1357,27 @@ type RemoteWriteSpec struct { // // It requires Prometheus >= v2.15.0. // - Name string `json:"name,omitempty"` + //+optional + Name *string `json:"name,omitempty"` + + // The Remote Write message's version to use when writing to the endpoint. + // + // `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. + // `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. + // + // When `Version2.0` is selected, Prometheus will automatically be + // configured to append the metadata of scraped metrics to the WAL. + // + // Before setting this field, consult with your remote storage provider + // what message version it supports. + // + // It requires Prometheus >= v2.54.0. + // + // +optional + MessageVersion *RemoteWriteMessageVersion `json:"messageVersion,omitempty"` // Enables sending of exemplars over remote write. Note that - // exemplar-storage itself must be enabled using the `spec.enableFeature` + // exemplar-storage itself must be enabled using the `spec.enableFeatures` // option for exemplars to be scraped in the first place. // // It requires Prometheus >= v2.27.0. @@ -1306,7 +1394,8 @@ type RemoteWriteSpec struct { SendNativeHistograms *bool `json:"sendNativeHistograms,omitempty"` // Timeout for requests to the remote write endpoint. - RemoteTimeout Duration `json:"remoteTimeout,omitempty"` + // +optional + RemoteTimeout *Duration `json:"remoteTimeout,omitempty"` // Custom HTTP headers to be sent along with each remote write request. // Be aware that headers that are set by Prometheus itself can't be overwritten. @@ -1327,16 +1416,19 @@ type RemoteWriteSpec struct { // Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. // +optional OAuth2 *OAuth2 `json:"oauth2,omitempty"` + // BasicAuth configuration for the URL. // // Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. // // +optional BasicAuth *BasicAuth `json:"basicAuth,omitempty"` + // File from which to read bearer token for the URL. // // Deprecated: this will be removed in a future release. Prefer using `authorization`. BearerTokenFile string `json:"bearerTokenFile,omitempty"` + // Authorization section for the URL. // // It requires Prometheus >= v2.26.0. @@ -1345,6 +1437,7 @@ type RemoteWriteSpec struct { // // +optional Authorization *Authorization `json:"authorization,omitempty"` + // Sigv4 allows to configures AWS's Signature Verification 4 for the URL. // // It requires Prometheus >= v2.26.0. @@ -1397,6 +1490,16 @@ type RemoteWriteSpec struct { EnableHttp2 *bool `json:"enableHTTP2,omitempty"` } +// +kubebuilder:validation:Enum=V1.0;V2.0 +type RemoteWriteMessageVersion string + +const ( + // Remote Write message's version 1.0. + RemoteWriteMessageVersion1_0 = RemoteWriteMessageVersion("V1.0") + // Remote Write message's version 2.0. + RemoteWriteMessageVersion2_0 = RemoteWriteMessageVersion("V2.0") +) + // QueueConfig allows the tuning of remote write's queue_config parameters. // This object is referenced in the RemoteWriteSpec object. // +k8s:openapi-gen=true @@ -1534,7 +1637,8 @@ type RemoteReadSpec struct { RequiredMatchers map[string]string `json:"requiredMatchers,omitempty"` // Timeout for requests to the remote read endpoint. - RemoteTimeout Duration `json:"remoteTimeout,omitempty"` + // +optional + RemoteTimeout *Duration `json:"remoteTimeout,omitempty"` // Custom HTTP headers to be sent along with each remote read request. // Be aware that headers that are set by Prometheus itself can't be overwritten. @@ -1705,8 +1809,18 @@ type APIServerConfig struct { // +k8s:openapi-gen=true type AlertmanagerEndpoints struct { // Namespace of the Endpoints object. - Namespace string `json:"namespace"` + // + // If not set, the object will be discovered in the namespace of the + // Prometheus object. + // + // +kubebuilder:validation:MinLength:=1 + // +optional + Namespace *string `json:"namespace,omitempty"` + // Name of the Endpoints object in the namespace. + // + // +kubebuilder:validation:MinLength:=1 + // +required Name string `json:"name"` // Port on which the Alertmanager API is exposed. @@ -1841,8 +1955,9 @@ type TSDBSpec struct { // This is an *experimental feature*, it may change in any upcoming release // in a breaking way. // - // It requires Prometheus >= v2.39.0. - OutOfOrderTimeWindow Duration `json:"outOfOrderTimeWindow,omitempty"` + // It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. + // +optional + OutOfOrderTimeWindow *Duration `json:"outOfOrderTimeWindow,omitempty"` } type Exemplars struct { @@ -1969,4 +2084,24 @@ type ScrapeClass struct { // // +optional MetricRelabelings []RelabelConfig `json:"metricRelabelings,omitempty"` + + // AttachMetadata configures additional metadata to the discovered targets. + // When the scrape object defines its own configuration, it takes + // precedence over the scrape class configuration. + // + // +optional + AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` +} + +// OTLPConfig is the configuration for writing to the OTLP endpoint. +// +// +k8s:openapi-gen=true +type OTLPConfig struct { + // List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:items:MinLength=1 + // +listType=set + // +optional + PromoteResourceAttributes []string `json:"promoteResourceAttributes,omitempty"` } diff --git a/pkg/apis/monitoring/v1/prometheusrule_types.go b/pkg/apis/monitoring/v1/prometheusrule_types.go index 8c9a4afe62c..b321bafc3d4 100644 --- a/pkg/apis/monitoring/v1/prometheusrule_types.go +++ b/pkg/apis/monitoring/v1/prometheusrule_types.go @@ -30,7 +30,9 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="promrule" -// PrometheusRule defines recording and alerting rules for a Prometheus instance +// The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. +// +// `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. type PrometheusRule struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -64,6 +66,12 @@ type RuleGroup struct { // Interval determines how often rules in the group are evaluated. // +optional Interval *Duration `json:"interval,omitempty"` + // Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + // + // It requires Prometheus >= v2.53.0. + // It is not supported for ThanosRuler. + // +optional + QueryOffset *Duration `json:"query_offset,omitempty"` // List of alerting and recording rules. // +optional Rules []Rule `json:"rules,omitempty"` diff --git a/pkg/apis/monitoring/v1/servicemonitor_types.go b/pkg/apis/monitoring/v1/servicemonitor_types.go index 8002a1328de..0b40e4a9ea8 100644 --- a/pkg/apis/monitoring/v1/servicemonitor_types.go +++ b/pkg/apis/monitoring/v1/servicemonitor_types.go @@ -29,7 +29,14 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="smon" -// ServiceMonitor defines monitoring for a set of services. +// The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. +// Among other things, it allows to specify: +// * The services to scrape via label selectors. +// * The container ports to scrape. +// * Authentication credentials to use. +// * Target and metric relabeling. +// +// `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. type ServiceMonitor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -70,14 +77,14 @@ type ServiceMonitorSpec struct { PodTargetLabels []string `json:"podTargetLabels,omitempty"` // List of endpoints part of this ServiceMonitor. - // - // +optional + // Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + // In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. Endpoints []Endpoint `json:"endpoints"` - // Label selector to select the Kubernetes `Endpoints` objects. + // Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. Selector metav1.LabelSelector `json:"selector"` - // Selector to select which namespaces the Kubernetes `Endpoints` objects - // are discovered from. + // `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. + // By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` // `sampleLimit` defines a per-scrape limit on the number of scraped samples @@ -121,6 +128,9 @@ type ServiceMonitorSpec struct { // // +optional LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + + NativeHistogramConfig `json:",inline"` + // Per-scrape limit on the number of targets dropped by relabeling // that will be kept in memory. 0 means no limit. // diff --git a/pkg/apis/monitoring/v1/thanos_types.go b/pkg/apis/monitoring/v1/thanos_types.go index 82c569ee14d..e25590d2ebc 100644 --- a/pkg/apis/monitoring/v1/thanos_types.go +++ b/pkg/apis/monitoring/v1/thanos_types.go @@ -38,7 +38,11 @@ const ( // +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 // +kubebuilder:subresource:status -// ThanosRuler defines a ThanosRuler deployment. +// The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. +// +// A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). +// +// The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. type ThanosRuler struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -106,6 +110,15 @@ type ThanosRulerSpec struct { // SecurityContext holds pod-level security attributes and common container settings. // This defaults to the default PodSecurityContext. SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` + // Priority class assigned to the Pods PriorityClassName string `json:"priorityClassName,omitempty"` // ServiceAccountName is the name of the ServiceAccount to use to run the @@ -292,7 +305,7 @@ type ThanosRulerStatus struct { AvailableReplicas int32 `json:"availableReplicas"` // Total number of unavailable pods targeted by this ThanosRuler deployment. UnavailableReplicas int32 `json:"unavailableReplicas"` - // The current state of the Alertmanager object. + // The current state of the ThanosRuler object. // +listType=map // +listMapKey=type // +optional diff --git a/pkg/apis/monitoring/v1/types.go b/pkg/apis/monitoring/v1/types.go index 5676566fa21..6d43b90c79e 100644 --- a/pkg/apis/monitoring/v1/types.go +++ b/pkg/apis/monitoring/v1/types.go @@ -17,8 +17,11 @@ package v1 import ( "errors" "fmt" + "reflect" + "strings" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" @@ -79,7 +82,6 @@ type PrometheusRuleExcludeConfig struct { type ProxyConfig struct { // `proxyURL` defines the HTTP proxy server to use. // - // It requires Prometheus >= v2.43.0. // +kubebuilder:validation:Pattern:="^http(s)?://.+$" // +optional ProxyURL *string `json:"proxyUrl,omitempty"` @@ -87,24 +89,67 @@ type ProxyConfig struct { // that should be excluded from proxying. IP and domain names can // contain port numbers. // - // It requires Prometheus >= v2.43.0. + // It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. // +optional NoProxy *string `json:"noProxy,omitempty"` // Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - // If unset, Prometheus uses its default value. // - // It requires Prometheus >= v2.43.0. + // It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. // +optional ProxyFromEnvironment *bool `json:"proxyFromEnvironment,omitempty"` // ProxyConnectHeader optionally specifies headers to send to // proxies during CONNECT requests. // - // It requires Prometheus >= v2.43.0. + // It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. // +optional // +mapType:=atomic ProxyConnectHeader map[string][]v1.SecretKeySelector `json:"proxyConnectHeader,omitempty"` } +// Validate semantically validates the given ProxyConfig. +func (pc *ProxyConfig) Validate() error { + if pc == nil { + return nil + } + + if reflect.ValueOf(pc).IsZero() { + return nil + } + + proxyFromEnvironmentDefined := pc.ProxyFromEnvironment != nil && *pc.ProxyFromEnvironment + proxyURLDefined := pc.ProxyURL != nil && *pc.ProxyURL != "" + noProxyDefined := pc.NoProxy != nil && *pc.NoProxy != "" + + if len(pc.ProxyConnectHeader) > 0 && (!proxyFromEnvironmentDefined && !proxyURLDefined) { + return fmt.Errorf("if proxyConnectHeader is configured, proxyUrl or proxyFromEnvironment must also be configured") + } + + if proxyFromEnvironmentDefined && proxyURLDefined { + return fmt.Errorf("if proxyFromEnvironment is configured, proxyUrl must not be configured") + } + + if proxyFromEnvironmentDefined && noProxyDefined { + return fmt.Errorf("if proxyFromEnvironment is configured, noProxy must not be configured") + } + + if !proxyURLDefined && noProxyDefined { + return fmt.Errorf("if noProxy is configured, proxyUrl must also be configured") + } + + for k, v := range pc.ProxyConnectHeader { + if len(v) == 0 { + return fmt.Errorf("proxyConnetHeader[%s]: selector must not be empty", k) + } + for i, sel := range v { + if sel == (v1.SecretKeySelector{}) { + return fmt.Errorf("proxyConnectHeader[%s][%d]: selector must be defined", k, i) + } + } + } + + return nil +} + // ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object. type ObjectReference struct { // Group of the referent. When not specified, it defaults to `monitoring.coreos.com` @@ -314,16 +359,16 @@ type WebHTTPHeaders struct { // WebTLSConfig defines the TLS parameters for HTTPS. // +k8s:openapi-gen=true type WebTLSConfig struct { - // Secret containing the TLS key for the server. - KeySecret v1.SecretKeySelector `json:"keySecret"` // Contains the TLS certificate for the server. - Cert SecretOrConfigMap `json:"cert"` + Cert SecretOrConfigMap `json:"cert,omitempty"` + // Contains the CA certificate for client certificate authentication to the server. + ClientCA SecretOrConfigMap `json:"client_ca,omitempty"` + // Secret containing the TLS key for the server. + KeySecret v1.SecretKeySelector `json:"keySecret,omitempty"` // Server policy for client authentication. Maps to ClientAuth Policies. // For more detail on clientAuth options: // https://golang.org/pkg/crypto/tls/#ClientAuthType ClientAuthType string `json:"clientAuthType,omitempty"` - // Contains the CA certificate for client certificate authentication to the server. - ClientCA SecretOrConfigMap `json:"client_ca,omitempty"` // Minimum TLS version that is acceptable. Defaults to TLS12. MinVersion string `json:"minVersion,omitempty"` // Maximum TLS version that is acceptable. Defaults to TLS13. @@ -341,10 +386,19 @@ type WebTLSConfig struct { // order. Available curves are documented in the go documentation: // https://golang.org/pkg/crypto/tls/#CurveID CurvePreferences []string `json:"curvePreferences,omitempty"` + // Path to the TLS key file in the Prometheus container for the server. + // Mutually exclusive with `keySecret`. + KeyFile string `json:"keyFile,omitempty"` + // Path to the TLS certificate file in the Prometheus container for the server. + // Mutually exclusive with `cert`. + CertFile string `json:"certFile,omitempty"` + // Path to the CA certificate file for client certificate authentication to the server. + // Mutually exclusive with `client_ca`. + ClientCAFile string `json:"clientCAFile,omitempty"` } // Validate returns an error if one of the WebTLSConfig fields is invalid. -// A valid WebTLSConfig should have Cert and KeySecret fields which are not +// A valid WebTLSConfig should have (Cert or CertFile) and (KeySecret or KeyFile) fields which are not // zero values. func (c *WebTLSConfig) Validate() error { if c == nil { @@ -352,21 +406,39 @@ func (c *WebTLSConfig) Validate() error { } if c.ClientCA != (SecretOrConfigMap{}) { + if c.ClientCAFile != "" { + return errors.New("cannot specify both clientCAFile and clientCA") + } + if err := c.ClientCA.Validate(); err != nil { - return fmt.Errorf("client CA: %w", err) + return fmt.Errorf("invalid web tls config: %s", err.Error()) + } + } + + if c.Cert != (SecretOrConfigMap{}) { + if c.CertFile != "" { + return errors.New("cannot specify both cert and certFile") + } + if err := c.Cert.Validate(); err != nil { + return fmt.Errorf("invalid web tls config: %s", err.Error()) } } - if c.Cert == (SecretOrConfigMap{}) { - return errors.New("TLS cert must be defined") - } else if err := c.Cert.Validate(); err != nil { - return fmt.Errorf("TLS cert: %w", err) + if c.KeyFile != "" && c.KeySecret != (v1.SecretKeySelector{}) { + return errors.New("cannot specify both keyFile and keySecret") } - if c.KeySecret == (v1.SecretKeySelector{}) { + hasCert := c.CertFile != "" || c.Cert != (SecretOrConfigMap{}) + hasKey := c.KeyFile != "" || c.KeySecret != (v1.SecretKeySelector{}) + + if !hasKey { return errors.New("TLS key must be defined") } + if !hasCert { + return errors.New("TLS certificate must be defined") + } + return nil } @@ -531,8 +603,11 @@ type Endpoint struct { } type AttachMetadata struct { - // When set to true, Prometheus must have the `get` permission on the - // `Nodes` objects. + // When set to true, Prometheus attaches node metadata to the discovered + // targets. + // + // The Prometheus service account must have the `list` and `watch` + // permissions on the `Nodes` objects. // // +optional Node *bool `json:"node,omitempty"` @@ -565,6 +640,18 @@ type OAuth2 struct { // // +optional EndpointParams map[string]string `json:"endpointParams,omitempty"` + + // TLS configuration to use when connecting to the OAuth2 server. + // It requires Prometheus >= v2.43.0. + // + // +optional + TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` + + // Proxy configuration to use when connecting to the OAuth2 server. + // It requires Prometheus >= v2.43.0. + // + // +optional + ProxyConfig `json:",inline"` } type OAuth2ValidationError struct { @@ -590,6 +677,12 @@ func (o *OAuth2) Validate() error { } } + if err := o.TLSConfig.Validate(); err != nil { + return &OAuth2ValidationError{ + err: fmt.Sprintf("invalid OAuth2 tlsConfig: %s", err.Error()), + } + } + return nil } @@ -642,6 +735,16 @@ func (c *SecretOrConfigMap) String() string { return "" } +// +kubebuilder:validation:Enum=TLS10;TLS11;TLS12;TLS13 +type TLSVersion string + +const ( + TLSVersion10 TLSVersion = "TLS10" + TLSVersion11 TLSVersion = "TLS11" + TLSVersion12 TLSVersion = "TLS12" + TLSVersion13 TLSVersion = "TLS13" +) + // SafeTLSConfig specifies safe TLS configuration parameters. // +k8s:openapi-gen=true type SafeTLSConfig struct { @@ -655,16 +758,32 @@ type SafeTLSConfig struct { KeySecret *v1.SecretKeySelector `json:"keySecret,omitempty"` // Used to verify the hostname for the targets. - //+optional + // +optional ServerName *string `json:"serverName,omitempty"` // Disable target certificate validation. - //+optional + // +optional InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` + + // Minimum acceptable TLS version. + // + // It requires Prometheus >= v2.35.0. + // +optional + MinVersion *TLSVersion `json:"minVersion,omitempty"` + + // Maximum acceptable TLS version. + // + // It requires Prometheus >= v2.41.0. + // +optional + MaxVersion *TLSVersion `json:"maxVersion,omitempty"` } // Validate semantically validates the given SafeTLSConfig. func (c *SafeTLSConfig) Validate() error { + if c == nil { + return nil + } + if c.CA != (SecretOrConfigMap{}) { if err := c.CA.Validate(); err != nil { return fmt.Errorf("ca %s: %w", c.CA.String(), err) @@ -685,6 +804,10 @@ func (c *SafeTLSConfig) Validate() error { return fmt.Errorf("client key specified without client cert") } + if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 { + return fmt.Errorf("maxVersion must more than or equal to minVersion") + } + return nil } @@ -702,6 +825,10 @@ type TLSConfig struct { // Validate semantically validates the given TLSConfig. func (c *TLSConfig) Validate() error { + if c == nil { + return nil + } + if c.CA != (SecretOrConfigMap{}) { if c.CAFile != "" { return fmt.Errorf("cannot specify both caFile and ca") @@ -735,6 +862,10 @@ func (c *TLSConfig) Validate() error { return fmt.Errorf("cannot specify client key without client cert") } + if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 { + return fmt.Errorf("maxVersion must more than or equal to minVersion") + } + return nil } @@ -775,3 +906,27 @@ const ( RoleEndpointSlice = "endpointslice" RoleIngress = "ingress" ) + +// NativeHistogramConfig extends the native histogram configuration settings. +// +k8s:openapi-gen=true +type NativeHistogramConfig struct { + // Whether to scrape a classic histogram that is also exposed as a native histogram. + // It requires Prometheus >= v2.45.0. + // + // +optional + ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"` + + // If there are more than this many buckets in a native histogram, + // buckets will be merged to stay within the limit. + // It requires Prometheus >= v2.45.0. + // + // +optional + NativeHistogramBucketLimit *uint64 `json:"nativeHistogramBucketLimit,omitempty"` + + // If the growth factor of one bucket to the next is smaller than this, + // buckets will be merged to increase the factor sufficiently. + // It requires Prometheus >= v2.50.0. + // + // +optional + NativeHistogramMinBucketFactor *resource.Quantity `json:"nativeHistogramMinBucketFactor,omitempty"` +} diff --git a/pkg/apis/monitoring/v1/types_test.go b/pkg/apis/monitoring/v1/types_test.go index 0bf40d8e531..ba450823cee 100644 --- a/pkg/apis/monitoring/v1/types_test.go +++ b/pkg/apis/monitoring/v1/types_test.go @@ -81,6 +81,35 @@ func TestValidateSafeTLSConfig(t *testing.T) { }, err: true, }, + { + name: "maxVersion more than minVersion", + config: &SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion10), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + }, + err: false, + }, + { + name: "maxVersion equal to minVersion", + config: &SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + }, + err: false, + }, + { + name: "maxVersion is less than minVersion", + config: &SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion10), + }, + err: true, + }, + { + name: "SafeTLSConfig nil", + config: nil, + err: false, + }, } { t.Run(tc.name, func(t *testing.T) { err := tc.config.Validate() @@ -201,6 +230,41 @@ func TestValidateTLSConfig(t *testing.T) { }, err: true, }, + { + name: "maxVersion more than minVersion", + config: &TLSConfig{ + SafeTLSConfig: SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion10), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + }, + }, + err: false, + }, + { + name: "maxVersion equal to minVersion", + config: &TLSConfig{ + SafeTLSConfig: SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + }, + }, + err: false, + }, + { + name: "maxVersion is less than minVersion", + config: &TLSConfig{ + SafeTLSConfig: SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion10), + }, + }, + err: true, + }, + { + name: "tlsconfig nil", + config: nil, + err: false, + }, } { t.Run(tc.name, func(t *testing.T) { err := tc.config.Validate() @@ -218,6 +282,119 @@ func TestValidateTLSConfig(t *testing.T) { } } +func TestValidateWebTlsConfig(t *testing.T) { + for _, tc := range []struct { + name string + config *WebTLSConfig + err bool + }{ + { + name: "caFile, certFile and keyFile", + config: &WebTLSConfig{ + ClientCAFile: "cafile", + CertFile: "certfile", + KeyFile: "keyfile", + }, + err: false, + }, + { + name: "certFile and keyFile", + config: &WebTLSConfig{ + CertFile: "certfile", + KeyFile: "keyfile", + }, + err: false, + }, + { + name: "caFile and keyFile", + config: &WebTLSConfig{ + ClientCAFile: "cafile", + KeyFile: "keyfile", + }, + err: true, + }, + { + name: "caFile and certFile", + config: &WebTLSConfig{ + ClientCAFile: "cafile", + CertFile: "certfile", + }, + err: true, + }, + { + name: "caFile, cert and keyFile", + config: &WebTLSConfig{ + ClientCAFile: "cafile", + KeyFile: "keyfile", + Cert: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + }, + err: false, + }, + { + name: "caFile, certFile and keySecret", + config: &WebTLSConfig{ + ClientCAFile: "cafile", + CertFile: "certfile", + KeySecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "test-secret", + }, + Key: "tls.key", + }, + }, + err: false, + }, + { + name: "ca, cert and keySecret", + config: &WebTLSConfig{ + Cert: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + ClientCA: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + KeySecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "test-secret", + }, + Key: "tls.key", + }, + }, + err: false, + }, + { + name: "cert and keySecret", + config: &WebTLSConfig{ + ClientCA: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + KeySecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "test-secret", + }, + Key: "tls.key", + }, + }, + err: true, + }, + { + name: "ca and cert", + config: &WebTLSConfig{ + ClientCA: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + Cert: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + }, + err: true, + }, + } { + t.Run(tc.name, func(t *testing.T) { + err := tc.config.Validate() + if tc.err { + if err == nil { + t.Fatal("expected error but got none") + } + return + } + if err != nil { + t.Fatalf("expected no error but got: %s", err) + } + }) + } +} + func TestValidateAuthorization(t *testing.T) { creds := &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ @@ -290,3 +467,49 @@ func TestValidateAuthorization(t *testing.T) { }) } } + +func TestValidateOAuth2(t *testing.T) { + for _, tc := range []struct { + name string + config *OAuth2 + err bool + }{ + { + name: "SafeTLSConfig nil", + config: &OAuth2{ + ClientID: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + ClientSecret: v1.SecretKeySelector{}, + TokenURL: "http://tokenurl.org", + TLSConfig: nil, + }, + err: false, + }, + { + name: "SafeTLSConfig not nil", + config: &OAuth2{ + ClientID: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}}, + ClientSecret: v1.SecretKeySelector{}, + TokenURL: "http://tokenurl.org", + TLSConfig: &SafeTLSConfig{ + MinVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion10), + MaxVersion: func(v TLSVersion) *TLSVersion { return &v }(TLSVersion13), + }, + }, + err: false, + }, + } { + t.Run(tc.name, func(t *testing.T) { + err := tc.config.Validate() + if tc.err { + if err == nil { + t.Fatal("expected error but got none") + } + return + } + + if err != nil { + t.Fatalf("expected no error but got: %s", err) + } + }) + } +} diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index 51c19b2b59a..11bf191b737 100644 --- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -141,6 +141,11 @@ func (in *AlertmanagerConfiguration) DeepCopy() *AlertmanagerConfiguration { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerEndpoints) DeepCopyInto(out *AlertmanagerEndpoints) { *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } out.Port = in.Port if in.TLSConfig != nil { in, out := &in.TLSConfig, &out.TLSConfig @@ -351,6 +356,16 @@ func (in *AlertmanagerSpec) DeepCopyInto(out *AlertmanagerSpec) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Containers != nil { in, out := &in.Containers, &out.Containers *out = make([]corev1.Container, len(*in)) @@ -386,6 +401,7 @@ func (in *AlertmanagerSpec) DeepCopyInto(out *AlertmanagerSpec) { *out = new(metav1.LabelSelector) (*in).DeepCopyInto(*out) } + out.AlertmanagerConfigMatcherStrategy = in.AlertmanagerConfigMatcherStrategy if in.MinReadySeconds != nil { in, out := &in.MinReadySeconds, &out.MinReadySeconds *out = new(uint32) @@ -737,6 +753,11 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { (*out)[key] = val } } + if in.RemoteWriteReceiverMessageVersions != nil { + in, out := &in.RemoteWriteReceiverMessageVersions, &out.RemoteWriteReceiverMessageVersions + *out = make([]RemoteWriteMessageVersion, len(*in)) + copy(*out, *in) + } if in.EnableFeatures != nil { in, out := &in.EnableFeatures, &out.EnableFeatures *out = make([]EnableFeature, len(*in)) @@ -820,11 +841,26 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.OTLP != nil { + in, out := &in.OTLP, &out.OTLP + *out = new(OTLPConfig) + (*in).DeepCopyInto(*out) + } if in.SecurityContext != nil { in, out := &in.SecurityContext, &out.SecurityContext *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Containers != nil { in, out := &in.Containers, &out.Containers *out = make([]corev1.Container, len(*in)) @@ -969,6 +1005,16 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServiceDiscoveryRole != nil { + in, out := &in.ServiceDiscoveryRole, &out.ServiceDiscoveryRole + *out = new(ServiceDiscoveryRole) + **out = **in + } + if in.TSDB != nil { + in, out := &in.TSDB, &out.TSDB + *out = new(TSDBSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonPrometheusFields. @@ -1293,6 +1339,7 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) { *out = new(SafeTLSConfig) (*in).DeepCopyInto(*out) } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) if in.FollowRedirects != nil { in, out := &in.FollowRedirects, &out.FollowRedirects *out = new(bool) @@ -1395,6 +1442,36 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NativeHistogramConfig) DeepCopyInto(out *NativeHistogramConfig) { + *out = *in + if in.ScrapeClassicHistograms != nil { + in, out := &in.ScrapeClassicHistograms, &out.ScrapeClassicHistograms + *out = new(bool) + **out = **in + } + if in.NativeHistogramBucketLimit != nil { + in, out := &in.NativeHistogramBucketLimit, &out.NativeHistogramBucketLimit + *out = new(uint64) + **out = **in + } + if in.NativeHistogramMinBucketFactor != nil { + in, out := &in.NativeHistogramMinBucketFactor, &out.NativeHistogramMinBucketFactor + x := (*in).DeepCopy() + *out = &x + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NativeHistogramConfig. +func (in *NativeHistogramConfig) DeepCopy() *NativeHistogramConfig { + if in == nil { + return nil + } + out := new(NativeHistogramConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuth2) DeepCopyInto(out *OAuth2) { *out = *in @@ -1412,6 +1489,12 @@ func (in *OAuth2) DeepCopyInto(out *OAuth2) { (*out)[key] = val } } + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(SafeTLSConfig) + (*in).DeepCopyInto(*out) + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. @@ -1439,6 +1522,26 @@ func (in *OAuth2ValidationError) DeepCopy() *OAuth2ValidationError { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OTLPConfig) DeepCopyInto(out *OTLPConfig) { + *out = *in + if in.PromoteResourceAttributes != nil { + in, out := &in.PromoteResourceAttributes, &out.PromoteResourceAttributes + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OTLPConfig. +func (in *OTLPConfig) DeepCopy() *OTLPConfig { + if in == nil { + return nil + } + out := new(OTLPConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { *out = *in @@ -1454,6 +1557,58 @@ func (in *ObjectReference) DeepCopy() *ObjectReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodDNSConfig) DeepCopyInto(out *PodDNSConfig) { + *out = *in + if in.Nameservers != nil { + in, out := &in.Nameservers, &out.Nameservers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Searches != nil { + in, out := &in.Searches, &out.Searches + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Options != nil { + in, out := &in.Options, &out.Options + *out = make([]PodDNSConfigOption, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfig. +func (in *PodDNSConfig) DeepCopy() *PodDNSConfig { + if in == nil { + return nil + } + out := new(PodDNSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodDNSConfigOption) DeepCopyInto(out *PodDNSConfigOption) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfigOption. +func (in *PodDNSConfigOption) DeepCopy() *PodDNSConfigOption { + if in == nil { + return nil + } + out := new(PodDNSConfigOption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { *out = *in @@ -1648,6 +1803,7 @@ func (in *PodMonitorSpec) DeepCopyInto(out *PodMonitorSpec) { *out = new(uint64) **out = **in } + in.NativeHistogramConfig.DeepCopyInto(&out.NativeHistogramConfig) if in.KeepDroppedTargets != nil { in, out := &in.KeepDroppedTargets, &out.KeepDroppedTargets *out = new(uint64) @@ -1789,6 +1945,7 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) { *out = new(uint64) **out = **in } + in.NativeHistogramConfig.DeepCopyInto(&out.NativeHistogramConfig) if in.KeepDroppedTargets != nil { in, out := &in.KeepDroppedTargets, &out.KeepDroppedTargets *out = new(uint64) @@ -2058,6 +2215,11 @@ func (in *PrometheusRuleSpec) DeepCopy() *PrometheusRuleSpec { func (in *PrometheusSpec) DeepCopyInto(out *PrometheusSpec) { *out = *in in.CommonPrometheusFields.DeepCopyInto(&out.CommonPrometheusFields) + if in.Runtime != nil { + in, out := &in.Runtime, &out.Runtime + *out = new(RuntimeConfig) + (*in).DeepCopyInto(*out) + } out.Rules = in.Rules if in.PrometheusRulesExcludedFromEnforce != nil { in, out := &in.PrometheusRulesExcludedFromEnforce, &out.PrometheusRulesExcludedFromEnforce @@ -2111,6 +2273,11 @@ func (in *PrometheusSpec) DeepCopyInto(out *PrometheusSpec) { *out = new(Exemplars) (*in).DeepCopyInto(*out) } + if in.RuleQueryOffset != nil { + in, out := &in.RuleQueryOffset, &out.RuleQueryOffset + *out = new(Duration) + **out = **in + } out.TSDB = in.TSDB } @@ -2387,6 +2554,11 @@ func (in *RemoteReadSpec) DeepCopyInto(out *RemoteReadSpec) { (*out)[key] = val } } + if in.RemoteTimeout != nil { + in, out := &in.RemoteTimeout, &out.RemoteTimeout + *out = new(Duration) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in)) @@ -2440,6 +2612,16 @@ func (in *RemoteReadSpec) DeepCopy() *RemoteReadSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.MessageVersion != nil { + in, out := &in.MessageVersion, &out.MessageVersion + *out = new(RemoteWriteMessageVersion) + **out = **in + } if in.SendExemplars != nil { in, out := &in.SendExemplars, &out.SendExemplars *out = new(bool) @@ -2450,6 +2632,11 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { *out = new(bool) **out = **in } + if in.RemoteTimeout != nil { + in, out := &in.RemoteTimeout, &out.RemoteTimeout + *out = new(Duration) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in)) @@ -2575,6 +2762,11 @@ func (in *RuleGroup) DeepCopyInto(out *RuleGroup) { *out = new(Duration) **out = **in } + if in.QueryOffset != nil { + in, out := &in.QueryOffset, &out.QueryOffset + *out = new(Duration) + **out = **in + } if in.Rules != nil { in, out := &in.Rules, &out.Rules *out = make([]Rule, len(*in)) @@ -2630,6 +2822,26 @@ func (in *RulesAlert) DeepCopy() *RulesAlert { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RuntimeConfig) DeepCopyInto(out *RuntimeConfig) { + *out = *in + if in.GoGC != nil { + in, out := &in.GoGC, &out.GoGC + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeConfig. +func (in *RuntimeConfig) DeepCopy() *RuntimeConfig { + if in == nil { + return nil + } + out := new(RuntimeConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SafeAuthorization) DeepCopyInto(out *SafeAuthorization) { *out = *in @@ -2670,6 +2882,16 @@ func (in *SafeTLSConfig) DeepCopyInto(out *SafeTLSConfig) { *out = new(bool) **out = **in } + if in.MinVersion != nil { + in, out := &in.MinVersion, &out.MinVersion + *out = new(TLSVersion) + **out = **in + } + if in.MaxVersion != nil { + in, out := &in.MaxVersion, &out.MaxVersion + *out = new(TLSVersion) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SafeTLSConfig. @@ -2709,6 +2931,11 @@ func (in *ScrapeClass) DeepCopyInto(out *ScrapeClass) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AttachMetadata != nil { + in, out := &in.AttachMetadata, &out.AttachMetadata + *out = new(AttachMetadata) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScrapeClass. @@ -2844,6 +3071,7 @@ func (in *ServiceMonitorSpec) DeepCopyInto(out *ServiceMonitorSpec) { *out = new(uint64) **out = **in } + in.NativeHistogramConfig.DeepCopyInto(&out.NativeHistogramConfig) if in.KeepDroppedTargets != nil { in, out := &in.KeepDroppedTargets, &out.KeepDroppedTargets *out = new(uint64) @@ -2961,6 +3189,11 @@ func (in *TLSConfig) DeepCopy() *TLSConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TSDBSpec) DeepCopyInto(out *TSDBSpec) { *out = *in + if in.OutOfOrderTimeWindow != nil { + in, out := &in.OutOfOrderTimeWindow, &out.OutOfOrderTimeWindow + *out = new(Duration) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TSDBSpec. @@ -3070,6 +3303,16 @@ func (in *ThanosRulerSpec) DeepCopyInto(out *ThanosRulerSpec) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Storage != nil { in, out := &in.Storage, &out.Storage *out = new(StorageSpec) @@ -3419,9 +3662,9 @@ func (in *WebHTTPHeaders) DeepCopy() *WebHTTPHeaders { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebTLSConfig) DeepCopyInto(out *WebTLSConfig) { *out = *in - in.KeySecret.DeepCopyInto(&out.KeySecret) in.Cert.DeepCopyInto(&out.Cert) in.ClientCA.DeepCopyInto(&out.ClientCA) + in.KeySecret.DeepCopyInto(&out.KeySecret) if in.CipherSuites != nil { in, out := &in.CipherSuites, &out.CipherSuites *out = make([]string, len(*in)) diff --git a/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go b/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go index de1f852ca14..68291372cf9 100644 --- a/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go +++ b/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go @@ -15,6 +15,7 @@ package v1alpha1 import ( + "bytes" "encoding/json" "errors" "fmt" @@ -63,9 +64,12 @@ type AlertmanagerConfigList struct { Items []*AlertmanagerConfig `json:"items"` } -// AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. -// By definition, the Alertmanager configuration only applies to alerts for which -// the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. +// AlertmanagerConfigSpec is a specification of the desired behavior of the +// Alertmanager configuration. +// By default, the Alertmanager configuration only applies to alerts for which +// the `namespace` label is equal to the namespace of the AlertmanagerConfig +// resource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the +// Alertmanager CRD). type AlertmanagerConfigSpec struct { // The Alertmanager route definition for alerts matching the resource's // namespace. If present, it will be added to the generated Alertmanager @@ -143,7 +147,9 @@ func (r *Route) ChildRoutes() ([]Route, error) { out := make([]Route, len(r.Routes)) for i, v := range r.Routes { - if err := json.Unmarshal(v.Raw, &out[i]); err != nil { + dec := json.NewDecoder(bytes.NewBuffer(v.Raw)) + dec.DisallowUnknownFields() + if err := dec.Decode(&out[i]); err != nil { return nil, fmt.Errorf("route[%d]: %w", i, err) } } @@ -616,9 +622,16 @@ type HTTPConfig struct { // TLS configuration for the client. // +optional TLSConfig *monitoringv1.SafeTLSConfig `json:"tlsConfig,omitempty"` + // Optional proxy URL. + // + // If defined, this field takes precedence over `proxyUrl`. + // // +optional - ProxyURL string `json:"proxyURL,omitempty"` + ProxyURLOriginal *string `json:"proxyURL,omitempty"` + + monitoringv1.ProxyConfig `json:",inline"` + // FollowRedirects specifies whether the client should follow HTTP 3xx redirects. // +optional FollowRedirects *bool `json:"followRedirects,omitempty"` diff --git a/pkg/apis/monitoring/v1alpha1/prometheusagent_types.go b/pkg/apis/monitoring/v1alpha1/prometheusagent_types.go index 139d016e556..62b6c4a5a02 100644 --- a/pkg/apis/monitoring/v1alpha1/prometheusagent_types.go +++ b/pkg/apis/monitoring/v1alpha1/prometheusagent_types.go @@ -53,7 +53,9 @@ func (l *PrometheusAgent) GetStatus() monitoringv1.PrometheusStatus { // +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale // +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale -// PrometheusAgent defines a Prometheus agent deployment. +// The `PrometheusAgent` custom resource definition (CRD) defines a desired [Prometheus Agent](https://prometheus.io/blog/2021/11/16/agent/) setup to run in a Kubernetes cluster. +// +// The CRD is very similar to the `Prometheus` CRD except for features which aren't available in agent mode like rule evaluation, persistent storage and Thanos sidecar. type PrometheusAgent struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/pkg/apis/monitoring/v1alpha1/scrapeconfig_test.go b/pkg/apis/monitoring/v1alpha1/scrapeconfig_test.go index 593f5a23f0a..625ceb84bcf 100644 --- a/pkg/apis/monitoring/v1alpha1/scrapeconfig_test.go +++ b/pkg/apis/monitoring/v1alpha1/scrapeconfig_test.go @@ -16,7 +16,6 @@ package v1alpha1 import ( "encoding/json" - v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -37,7 +36,7 @@ func TestMarshallScrapeConfig(t *testing.T) { []Target{ "test", }, - map[v1.LabelName]string{}, + map[string]string{}, }, }, }, diff --git a/pkg/apis/monitoring/v1alpha1/scrapeconfig_types.go b/pkg/apis/monitoring/v1alpha1/scrapeconfig_types.go index 7e510c1bf76..845c9a6cdda 100644 --- a/pkg/apis/monitoring/v1alpha1/scrapeconfig_types.go +++ b/pkg/apis/monitoring/v1alpha1/scrapeconfig_types.go @@ -28,6 +28,7 @@ const ( ) // Target represents a target for Prometheus to scrape +// kubebuilder:validation:MinLength:=1 type Target string // SDFile represents a file used for service discovery @@ -37,11 +38,12 @@ type SDFile string // NamespaceDiscovery is the configuration for discovering // Kubernetes namespaces. type NamespaceDiscovery struct { - // Includes the namespace in which the Prometheus pod exists to the list of watched namesapces. + // Includes the namespace in which the Prometheus pod runs to the list of watched namespaces. // +optional IncludeOwnNamespace *bool `json:"ownNamespace,omitempty"` // List of namespaces where to watch for resources. // If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces. + // +listType=set // +optional Names []string `json:"names,omitempty"` } @@ -56,40 +58,53 @@ type AttachMetadata struct { Node *bool `json:"node,omitempty"` } -// EC2Filter is the configuration for filtering EC2 instances. -type EC2Filter struct { - Name string `json:"name"` - Values []string `json:"values"` -} - -// DockerFilter is the configuration to limit the discovery process to a subset of available resources. -type DockerFilter struct { - Name string `json:"name"` - Values []string `json:"values"` -} - -// Filter is the configuration to limit the discovery process to a subset of available resources. -type DockerSwarmFilter struct { - // Name is the key of the field to check against. +// Filter name and value pairs to limit the discovery process to a subset of available resources. +type Filter struct { + // Name of the Filter. // +kubebuilder:vaidation:MinLength=1 // +required Name string `json:"name"` - // Values is the value or set of values to check for a match. + // Value to filter on. + // // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:items:MinLength=1 + // +listType=set // +required Values []string `json:"values"` } -// Role is role of the service in Kubernetes. -// +kubebuilder:validation:Enum=Node;node;Service;service;Pod;pod;Endpoints;endpoints;EndpointSlice;endpointslice;Ingress;ingress -type Role string +// +listType:=map +// +listMapKey:=name +type Filters []Filter + +// +kubebuilder:validation:Enum=Pod;Endpoints;Ingress;Service;Node;EndpointSlice +type KubernetesRole string + +const ( + KubernetesRolePod KubernetesRole = "Pod" + KubernetesRoleEndpoint KubernetesRole = "Endpoints" + KubernetesRoleIngress KubernetesRole = "Ingress" + KubernetesRoleService KubernetesRole = "Service" + KubernetesRoleNode KubernetesRole = "Node" + KubernetesRoleEndpointSlice KubernetesRole = "EndpointSlice" +) // K8SSelectorConfig is Kubernetes Selector Config type K8SSelectorConfig struct { - // +kubebuilder:validation:Required - Role Role `json:"role"` - Label string `json:"label,omitempty"` - Field string `json:"field,omitempty"` + // Role specifies the type of Kubernetes resource to limit the service discovery to. + // Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress. + // +required + Role KubernetesRole `json:"role"` + // An optional label selector to limit the service discovery to resources with specific labels and label values. + // e.g: `node.kubernetes.io/instance-type=master` + // +kubebuilder:validation:MinLength=1 + // +optional + Label *string `json:"label,omitempty"` + // An optional field selector to limit the service discovery to resources which have fields with specific values. + // e.g: `metadata.name=foobar` + // +kubebuilder:validation:MinLength=1 + // +optional + Field *string `json:"field,omitempty"` } // +genclient @@ -136,8 +151,8 @@ type ScrapeConfigSpec struct { // operator to prevent duplicate job names, which Prometheus does not allow. Instead the // `job` label is set by means of relabeling configs. // - // +optional // +kubebuilder:validation:MinLength=1 + // +optional JobName *string `json:"jobName,omitempty"` // StaticConfigs defines a list of static targets with a common label set. // +optional @@ -189,7 +204,7 @@ type ScrapeConfigSpec struct { HetznerSDConfigs []HetznerSDConfig `json:"hetznerSDConfigs,omitempty"` // NomadSDConfigs defines a list of Nomad service discovery configurations. // +optional - NomadSDConfigs []NomadSDConfig `json:"NomadSDConfigs,omitempty"` + NomadSDConfigs []NomadSDConfig `json:"nomadSDConfigs,omitempty"` // DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations. // +optional DockerSwarmSDConfigs []DockerSwarmSDConfig `json:"dockerSwarmSDConfigs,omitempty"` @@ -202,13 +217,21 @@ type ScrapeConfigSpec struct { // OVHCloudSDConfigs defines a list of OVHcloud service discovery configurations. // +optional OVHCloudSDConfigs []OVHCloudSDConfig `json:"ovhcloudSDConfigs,omitempty"` + // ScalewaySDConfigs defines a list of Scaleway instances and baremetal service discovery configurations. + // +optional + ScalewaySDConfigs []ScalewaySDConfig `json:"scalewaySDConfigs,omitempty"` + // IonosSDConfigs defines a list of IONOS service discovery configurations. + // +optional + IonosSDConfigs []IonosSDConfig `json:"ionosSDConfigs,omitempty"` // RelabelConfigs defines how to rewrite the target's labels before scraping. // Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. // The original scrape job's name is available via the `__tmp_prometheus_job_name` label. // More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + // +kubebuilder:validation:MinItems:=1 // +optional RelabelConfigs []v1.RelabelConfig `json:"relabelings,omitempty"` // MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics). + // +kubebuilder:validation:MinLength:=1 // +optional MetricsPath *string `json:"metricsPath,omitempty"` // ScrapeInterval is the interval between consecutive scrapes. @@ -225,6 +248,7 @@ type ScrapeConfigSpec struct { // It requires Prometheus >= v2.49.0. // // +listType=set + // +kubebuilder:validation:MinItems:=1 // +optional ScrapeProtocols []v1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` // HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. @@ -241,8 +265,8 @@ type ScrapeConfigSpec struct { // +optional HonorLabels *bool `json:"honorLabels,omitempty"` // Optional HTTP URL parameters - // +optional // +mapType:=atomic + // +optional Params map[string][]string `json:"params,omitempty"` // Configures the protocol scheme used for requests. // If empty, Prometheus uses HTTP by default. @@ -262,6 +286,9 @@ type ScrapeConfigSpec struct { // Authorization header to use on every scrape request. // +optional Authorization *v1.SafeAuthorization `json:"authorization,omitempty"` + // OAuth2 configuration to use on every scrape request. + // +optional + OAuth2 *v1.OAuth2 `json:"oauth2,omitempty"` // TLS configuration to use on every scrape request // +optional TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` @@ -283,6 +310,8 @@ type ScrapeConfigSpec struct { // Only valid in Prometheus versions 2.27.0 and newer. // +optional LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + + v1.NativeHistogramConfig `json:",inline"` // Per-scrape limit on the number of targets dropped by relabeling // that will be kept in memory. 0 means no limit. // @@ -291,15 +320,15 @@ type ScrapeConfigSpec struct { // +optional KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` // MetricRelabelConfigs to apply to samples before ingestion. + // +kubebuilder:validation:MinItems:=1 // +optional MetricRelabelConfigs []v1.RelabelConfig `json:"metricRelabelings,omitempty"` // ProxyConfig allows customizing the proxy behaviour for this scrape config. // +optional v1.ProxyConfig `json:",inline"` - // The scrape class to apply. - // +optional // +kubebuilder:validation:MinLength=1 + // +optional ScrapeClassName *string `json:"scrapeClass,omitempty"` } @@ -308,12 +337,14 @@ type ScrapeConfigSpec struct { // +k8s:openapi-gen=true type StaticConfig struct { // List of targets for this static configuration. - // +optional - Targets []Target `json:"targets,omitempty"` + // +kubebuilder:validation:MinItems:=1 + // +listType=set + // +required + Targets []Target `json:"targets"` // Labels assigned to all metrics scraped from the targets. // +mapType:=atomic // +optional - Labels map[v1.LabelName]string `json:"labels,omitempty"` + Labels map[string]string `json:"labels,omitempty"` } // FileSDConfig defines a Prometheus file service discovery configuration @@ -325,6 +356,8 @@ type FileSDConfig struct { // stored. // Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. // +kubebuilder:validation:MinItems:=1 + // +listType=set + // +required Files []SDFile `json:"files"` // RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files. // +optional @@ -338,6 +371,7 @@ type HTTPSDConfig struct { // URL from which the targets are fetched. // +kubebuilder:validation:MinLength:=1 // +kubebuilder:validation:Pattern:="^http(s)?://.+$" + // +required URL string `json:"url"` // RefreshInterval configures the refresh interval at which Prometheus will re-query the // endpoint to update the target list. @@ -345,17 +379,27 @@ type HTTPSDConfig struct { RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` // BasicAuth information to authenticate against the target HTTP endpoint. // More info: https://prometheus.io/docs/operating/configuration/#endpoints + // Cannot be set at the same time as `authorization`, or `oAuth2`. // +optional BasicAuth *v1.BasicAuth `json:"basicAuth,omitempty"` // Authorization header configuration to authenticate against the target HTTP endpoint. + // Cannot be set at the same time as `oAuth2`, or `basicAuth`. // +optional Authorization *v1.SafeAuthorization `json:"authorization,omitempty"` + // Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + // Cannot be set at the same time as `authorization`, or `basicAuth`. + // +optional + OAuth2 *v1.OAuth2 `json:"oauth2,omitempty"` + v1.ProxyConfig `json:",inline"` // TLS configuration applying to the target HTTP endpoint. // +optional TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` - // ProxyConfig allows customizing the proxy behaviour for this scrape config. + // Configure whether HTTP requests follow HTTP 3xx redirects. // +optional - v1.ProxyConfig `json:",inline"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Whether to enable HTTP2. + // +optional + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } // KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API. @@ -367,11 +411,27 @@ type KubernetesSDConfig struct { // If left empty, Prometheus is assumed to run inside // of the cluster. It will discover API servers automatically and use the pod's // CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + // +kubebuilder:validation:MinLength=1 // +optional APIServer *string `json:"apiServer,omitempty"` // Role of the Kubernetes entities that should be discovered. + // Role `Endpointslice` requires Prometheus >= v2.21.0 // +required - Role Role `json:"role"` + Role KubernetesRole `json:"role"` + // Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. + // +optional + Namespaces *NamespaceDiscovery `json:"namespaces,omitempty"` + // Optional metadata to attach to discovered targets. + // It requires Prometheus >= v2.35.0 when using the `Pod` role and + // Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles. + // +optional + AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` + // Selector to select objects. + // It requires Prometheus >= v2.17.0 + // +optional + // +listType=map + // +listMapKey=role + Selectors []K8SSelectorConfig `json:"selectors,omitempty"` // BasicAuth information to use on every scrape request. // Cannot be set at the same time as `authorization`, or `oauth2`. // +optional @@ -383,9 +443,7 @@ type KubernetesSDConfig struct { // Optional OAuth 2.0 configuration. // Cannot be set at the same time as `authorization`, or `basicAuth`. // +optional - OAuth2 *v1.OAuth2 `json:"oauth2,omitempty"` - // ProxyConfig allows customizing the proxy behaviour for this scrape config. - // +optional + OAuth2 *v1.OAuth2 `json:"oauth2,omitempty"` v1.ProxyConfig `json:",inline"` // Configure whether HTTP requests follow HTTP 3xx redirects. // +optional @@ -393,22 +451,9 @@ type KubernetesSDConfig struct { // Whether to enable HTTP2. // +optional EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` - // TLS configuration to use on every scrape request. + // TLS configuration to connect to the Kubernetes API. // +optional TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` - // Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces. - // +optional - Namespaces *NamespaceDiscovery `json:"namespaces,omitempty"` - // Optional metadata to attach to discovered targets. - // It requires Prometheus >= v2.35.0 for `pod` role and - // Prometheus >= v2.37.0 for `endpoints` and `endpointslice` roles. - // +optional - AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` - // Selector to select objects. - // +optional - // +listType=map - // +listMapKey=role - Selectors []K8SSelectorConfig `json:"selectors,omitempty"` } // ConsulSDConfig defines a Consul service discovery configuration @@ -436,7 +481,7 @@ type ConsulSDConfig struct { // +optional Scheme *string `json:"scheme,omitempty"` // A list of services for which targets are retrieved. If omitted, all services are scraped. - // +listType:=atomic + // +listType=atomic // +optional Services []string `json:"services,omitempty"` // An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. @@ -486,6 +531,17 @@ type ConsulSDConfig struct { TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` } +// +kubebuilder:validation:Enum=A;AAAA;MX;NS;SRV +type DNSRecordType string + +const ( + DNSRecordTypeA DNSRecordType = "A" + DNSRecordTypeSRV DNSRecordType = "SRV" + DNSRecordTypeAAAA DNSRecordType = "AAAA" + DNSRecordTypeMX DNSRecordType = "MX" + DNSRecordTypeNS DNSRecordType = "NS" +) + // DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. // The DNS servers to be contacted are read from /etc/resolv.conf. // See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config @@ -493,6 +549,8 @@ type ConsulSDConfig struct { type DNSSDConfig struct { // A list of DNS domain names to be queried. // +kubebuilder:validation:MinItems:=1 + // +kubebuilder:validation:items:MinLength=1 + // +required Names []string `json:"names"` // RefreshInterval configures the time after which the provided names are refreshed. // If not set, Prometheus uses its default value. @@ -501,26 +559,33 @@ type DNSSDConfig struct { // The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. // If not set, Prometheus uses its default value. // - // When set to NS, It requires Prometheus >= 2.49.0. + // When set to NS, it requires Prometheus >= v2.49.0. + // When set to MX, it requires Prometheus >= v2.38.0 // - // +kubebuilder:validation:Enum=SRV;A;AAAA;MX;NS // +optional - Type *string `json:"type"` + Type *DNSRecordType `json:"type,omitempty"` // The port number used if the query type is not SRV // Ignored for SRV records + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=65535 // +optional - Port *int `json:"port"` + Port *int32 `json:"port,omitempty"` } // EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. // The private IP address is used by default, but may be changed to the public IP address with relabeling. // The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets // See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config +// +// The EC2 service discovery requires AWS API keys or role ARN for authentication. +// BasicAuth, Authorization and OAuth2 fields are not present on purpose. +// // +k8s:openapi-gen=true type EC2SDConfig struct { - // The AWS region + // The AWS region. + // +kubebuilder:validation:MinLength=1 // +optional - Region *string `json:"region"` + Region *string `json:"region,omitempty"` // AccessKey is the AWS API key. // +optional AccessKey *corev1.SecretKeySelector `json:"accessKey,omitempty"` @@ -528,21 +593,38 @@ type EC2SDConfig struct { // +optional SecretKey *corev1.SecretKeySelector `json:"secretKey,omitempty"` // AWS Role ARN, an alternative to using AWS API keys. + // +kubebuilder:validation:MinLength=1 // +optional RoleARN *string `json:"roleARN,omitempty"` - // RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. - // +optional - RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` // The port to scrape metrics from. If using the public IP address, this must // instead be specified in the relabeling rule. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=65535 // +optional - Port *int `json:"port"` + Port *int32 `json:"port,omitempty"` + // RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list. + // +optional + RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` // Filters can be used optionally to filter the instance list by other criteria. // Available filter criteria can be found here: // https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html // Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + // It requires Prometheus >= v2.3.0 + // +optional + Filters Filters `json:"filters,omitempty"` + v1.ProxyConfig `json:",inline"` + // TLS configuration to connect to the AWS EC2 API. + // It requires Prometheus >= v2.41.0 + // +optional + TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` + // Configure whether HTTP requests follow HTTP 3xx redirects. + // It requires Prometheus >= v2.41.0 + // +optional + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Whether to enable HTTP2. + // It requires Prometheus >= v2.41.0 // +optional - Filters []*EC2Filter `json:"filters"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } // AzureSDConfig allow retrieving scrape targets from Azure VMs. @@ -834,9 +916,15 @@ type DockerSDConfig struct { // The host to use if the container is in host networking mode. // +optional HostNetworkingHost *string `json:"hostNetworkingHost,omitempty"` + // Configure whether to match the first network if the container has multiple networks defined. + // If unset, Prometheus uses true by default. + // It requires Prometheus >= v2.54.1. + // + // +optional + MatchFirstNetwork *bool `json:"matchFirstNetwork,omitempty"` // Optional filters to limit the discovery process to a subset of the available resources. // +optional - Filters *[]DockerFilter `json:"filters,omitempty"` + Filters Filters `json:"filters,omitempty"` // Time after which the container is refreshed. // +optional RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` @@ -1002,7 +1090,7 @@ type DockerSwarmSDConfig struct { // Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList // Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList // +optional - Filters []DockerSwarmFilter `json:"filters"` + Filters Filters `json:"filters,omitempty"` // The time after which the service discovery data is refreshed. // +optional RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` @@ -1168,3 +1256,99 @@ type LightSailSDConfig struct { // +optional EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } + +// Role of the targets to retrieve. Must be `Instance` or `Baremetal`. +// +kubebuilder:validation:Enum=Instance;Baremetal +type ScalewayRole string + +const ( + ScalewayRoleInstance ScalewayRole = "Instance" + ScalewayRoleBaremetal ScalewayRole = "Baremetal" +) + +// ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. +// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config +// TODO: Need to document that we will not be supporting the `_file` fields. +type ScalewaySDConfig struct { + // Access key to use. https://console.scaleway.com/project/credentials + // +kubebuilder:validation:MinLength=1 + // +required + AccessKey string `json:"accessKey"` + // Secret key to use when listing targets. + // +required + SecretKey corev1.SecretKeySelector `json:"secretKey"` + // Project ID of the targets. + // +kubebuilder:validation:MinLength=1 + // +required + ProjectID string `json:"projectID"` + // Service of the targets to retrieve. Must be `Instance` or `Baremetal`. + // +required + Role ScalewayRole `json:"role"` + // The port to scrape metrics from. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=65535 + // +optional + Port *int32 `json:"port,omitempty"` + // API URL to use when doing the server listing requests. + // +kubebuilder:validation:Pattern:="^http(s)?://.+$" + // +optional + ApiURL *string `json:"apiURL,omitempty"` + // Zone is the availability zone of your targets (e.g. fr-par-1). + // +kubebuilder:validation:MinLength=1 + // +optional + Zone *string `json:"zone,omitempty"` + // NameFilter specify a name filter (works as a LIKE) to apply on the server listing request. + // +kubebuilder:validation:MinLength=1 + // +optional + NameFilter *string `json:"nameFilter,omitempty"` + // TagsFilter specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:items:MinLength=1 + // +listType=set + // +optional + TagsFilter []string `json:"tagsFilter,omitempty"` + // Refresh interval to re-read the list of instances. + // +optional + RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` + // +optional + v1.ProxyConfig `json:",inline"` + // Configure whether HTTP requests follow HTTP 3xx redirects. + // +optional + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Whether to enable HTTP2. + // +optional + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` + // TLS configuration to use on every scrape request + // +optional + TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` +} + +// IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. +// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config +type IonosSDConfig struct { + // The unique ID of the IONOS data center. + // +kubebuilder:validation:MinLength=1 + // +required + DataCenterID string `json:"datacenterID"` + // Port to scrape the metrics from. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=65535 + // +optional + Port *int32 `json:"port,omitempty"` + // Refresh interval to re-read the list of resources. + // +optional + RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` + // Authorization` header configuration, required when using IONOS. + // +required + Authorization v1.SafeAuthorization `json:"authorization"` + v1.ProxyConfig `json:",inline"` + // TLS configuration to use when connecting to the IONOS API. + // +optional + TLSConfig *v1.SafeTLSConfig `json:"tlsConfig,omitempty"` + // Configure whether the HTTP requests should follow HTTP 3xx redirects. + // +optional + FollowRedirects *bool `json:"followRedirects,omitempty"` + // Configure whether to enable HTTP2. + // +optional + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` +} diff --git a/pkg/apis/monitoring/v1alpha1/validation.go b/pkg/apis/monitoring/v1alpha1/validation.go index 995f4675ff3..ed1b849b746 100644 --- a/pkg/apis/monitoring/v1alpha1/validation.go +++ b/pkg/apis/monitoring/v1alpha1/validation.go @@ -61,6 +61,10 @@ func (hc *HTTPConfig) Validate() error { } } + if err := hc.ProxyConfig.Validate(); err != nil { + return err + } + return nil } diff --git a/pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go index 586b27abed6..c5ac6c1c571 100644 --- a/pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go @@ -304,12 +304,12 @@ func (in *DNSSDConfig) DeepCopyInto(out *DNSSDConfig) { } if in.Type != nil { in, out := &in.Type, &out.Type - *out = new(string) + *out = new(DNSRecordType) **out = **in } if in.Port != nil { in, out := &in.Port, &out.Port - *out = new(int) + *out = new(int32) **out = **in } } @@ -426,26 +426,6 @@ func (in *DiscordConfig) DeepCopy() *DiscordConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DockerFilter) DeepCopyInto(out *DockerFilter) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DockerFilter. -func (in *DockerFilter) DeepCopy() *DockerFilter { - if in == nil { - return nil - } - out := new(DockerFilter) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerSDConfig) DeepCopyInto(out *DockerSDConfig) { *out = *in @@ -465,15 +445,16 @@ func (in *DockerSDConfig) DeepCopyInto(out *DockerSDConfig) { *out = new(string) **out = **in } + if in.MatchFirstNetwork != nil { + in, out := &in.MatchFirstNetwork, &out.MatchFirstNetwork + *out = new(bool) + **out = **in + } if in.Filters != nil { in, out := &in.Filters, &out.Filters - *out = new([]DockerFilter) - if **in != nil { - in, out := *in, *out - *out = make([]DockerFilter, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = make(Filters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.RefreshInterval != nil { @@ -518,26 +499,6 @@ func (in *DockerSDConfig) DeepCopy() *DockerSDConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DockerSwarmFilter) DeepCopyInto(out *DockerSwarmFilter) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DockerSwarmFilter. -func (in *DockerSwarmFilter) DeepCopy() *DockerSwarmFilter { - if in == nil { - return nil - } - out := new(DockerSwarmFilter) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerSwarmSDConfig) DeepCopyInto(out *DockerSwarmSDConfig) { *out = *in @@ -548,7 +509,7 @@ func (in *DockerSwarmSDConfig) DeepCopyInto(out *DockerSwarmSDConfig) { } if in.Filters != nil { in, out := &in.Filters, &out.Filters - *out = make([]DockerSwarmFilter, len(*in)) + *out = make(Filters, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -601,26 +562,6 @@ func (in *DockerSwarmSDConfig) DeepCopy() *DockerSwarmSDConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EC2Filter) DeepCopyInto(out *EC2Filter) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2Filter. -func (in *EC2Filter) DeepCopy() *EC2Filter { - if in == nil { - return nil - } - out := new(EC2Filter) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EC2SDConfig) DeepCopyInto(out *EC2SDConfig) { *out = *in @@ -644,27 +585,39 @@ func (in *EC2SDConfig) DeepCopyInto(out *EC2SDConfig) { *out = new(string) **out = **in } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int32) + **out = **in + } if in.RefreshInterval != nil { in, out := &in.RefreshInterval, &out.RefreshInterval *out = new(monitoringv1.Duration) **out = **in } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(int) - **out = **in - } if in.Filters != nil { in, out := &in.Filters, &out.Filters - *out = make([]*EC2Filter, len(*in)) + *out = make(Filters, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(EC2Filter) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(monitoringv1.SafeTLSConfig) + (*in).DeepCopyInto(*out) + } + if in.FollowRedirects != nil { + in, out := &in.FollowRedirects, &out.FollowRedirects + *out = new(bool) + **out = **in + } + if in.EnableHTTP2 != nil { + in, out := &in.EnableHTTP2, &out.EnableHTTP2 + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2SDConfig. @@ -808,6 +761,47 @@ func (in *FileSDConfig) DeepCopy() *FileSDConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Filter) DeepCopyInto(out *Filter) { + *out = *in + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filter. +func (in *Filter) DeepCopy() *Filter { + if in == nil { + return nil + } + out := new(Filter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Filters) DeepCopyInto(out *Filters) { + { + in := &in + *out = make(Filters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filters. +func (in Filters) DeepCopy() Filters { + if in == nil { + return nil + } + out := new(Filters) + in.DeepCopyInto(out) + return *out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCESDConfig) DeepCopyInto(out *GCESDConfig) { *out = *in @@ -871,6 +865,12 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) { *out = new(monitoringv1.SafeTLSConfig) (*in).DeepCopyInto(*out) } + if in.ProxyURLOriginal != nil { + in, out := &in.ProxyURLOriginal, &out.ProxyURLOriginal + *out = new(string) + **out = **in + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) if in.FollowRedirects != nil { in, out := &in.FollowRedirects, &out.FollowRedirects *out = new(bool) @@ -906,12 +906,27 @@ func (in *HTTPSDConfig) DeepCopyInto(out *HTTPSDConfig) { *out = new(monitoringv1.SafeAuthorization) (*in).DeepCopyInto(*out) } + if in.OAuth2 != nil { + in, out := &in.OAuth2, &out.OAuth2 + *out = new(monitoringv1.OAuth2) + (*in).DeepCopyInto(*out) + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) if in.TLSConfig != nil { in, out := &in.TLSConfig, &out.TLSConfig *out = new(monitoringv1.SafeTLSConfig) (*in).DeepCopyInto(*out) } - in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) + if in.FollowRedirects != nil { + in, out := &in.FollowRedirects, &out.FollowRedirects + *out = new(bool) + **out = **in + } + if in.EnableHTTP2 != nil { + in, out := &in.EnableHTTP2, &out.EnableHTTP2 + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPSDConfig. @@ -1010,9 +1025,61 @@ func (in *InhibitRule) DeepCopy() *InhibitRule { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IonosSDConfig) DeepCopyInto(out *IonosSDConfig) { + *out = *in + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int32) + **out = **in + } + if in.RefreshInterval != nil { + in, out := &in.RefreshInterval, &out.RefreshInterval + *out = new(monitoringv1.Duration) + **out = **in + } + in.Authorization.DeepCopyInto(&out.Authorization) + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(monitoringv1.SafeTLSConfig) + (*in).DeepCopyInto(*out) + } + if in.FollowRedirects != nil { + in, out := &in.FollowRedirects, &out.FollowRedirects + *out = new(bool) + **out = **in + } + if in.EnableHTTP2 != nil { + in, out := &in.EnableHTTP2, &out.EnableHTTP2 + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IonosSDConfig. +func (in *IonosSDConfig) DeepCopy() *IonosSDConfig { + if in == nil { + return nil + } + out := new(IonosSDConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *K8SSelectorConfig) DeepCopyInto(out *K8SSelectorConfig) { *out = *in + if in.Label != nil { + in, out := &in.Label, &out.Label + *out = new(string) + **out = **in + } + if in.Field != nil { + in, out := &in.Field, &out.Field + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8SSelectorConfig. @@ -1048,6 +1115,23 @@ func (in *KubernetesSDConfig) DeepCopyInto(out *KubernetesSDConfig) { *out = new(string) **out = **in } + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(NamespaceDiscovery) + (*in).DeepCopyInto(*out) + } + if in.AttachMetadata != nil { + in, out := &in.AttachMetadata, &out.AttachMetadata + *out = new(AttachMetadata) + (*in).DeepCopyInto(*out) + } + if in.Selectors != nil { + in, out := &in.Selectors, &out.Selectors + *out = make([]K8SSelectorConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.BasicAuth != nil { in, out := &in.BasicAuth, &out.BasicAuth *out = new(monitoringv1.BasicAuth) @@ -1079,21 +1163,6 @@ func (in *KubernetesSDConfig) DeepCopyInto(out *KubernetesSDConfig) { *out = new(monitoringv1.SafeTLSConfig) (*in).DeepCopyInto(*out) } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = new(NamespaceDiscovery) - (*in).DeepCopyInto(*out) - } - if in.AttachMetadata != nil { - in, out := &in.AttachMetadata, &out.AttachMetadata - *out = new(AttachMetadata) - (*in).DeepCopyInto(*out) - } - if in.Selectors != nil { - in, out := &in.Selectors, &out.Selectors - *out = make([]K8SSelectorConfig, len(*in)) - copy(*out, *in) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSDConfig. @@ -2119,6 +2188,68 @@ func (in *SNSConfig) DeepCopy() *SNSConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScalewaySDConfig) DeepCopyInto(out *ScalewaySDConfig) { + *out = *in + in.SecretKey.DeepCopyInto(&out.SecretKey) + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int32) + **out = **in + } + if in.ApiURL != nil { + in, out := &in.ApiURL, &out.ApiURL + *out = new(string) + **out = **in + } + if in.Zone != nil { + in, out := &in.Zone, &out.Zone + *out = new(string) + **out = **in + } + if in.NameFilter != nil { + in, out := &in.NameFilter, &out.NameFilter + *out = new(string) + **out = **in + } + if in.TagsFilter != nil { + in, out := &in.TagsFilter, &out.TagsFilter + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.RefreshInterval != nil { + in, out := &in.RefreshInterval, &out.RefreshInterval + *out = new(monitoringv1.Duration) + **out = **in + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) + if in.FollowRedirects != nil { + in, out := &in.FollowRedirects, &out.FollowRedirects + *out = new(bool) + **out = **in + } + if in.EnableHTTP2 != nil { + in, out := &in.EnableHTTP2, &out.EnableHTTP2 + *out = new(bool) + **out = **in + } + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(monitoringv1.SafeTLSConfig) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewaySDConfig. +func (in *ScalewaySDConfig) DeepCopy() *ScalewaySDConfig { + if in == nil { + return nil + } + out := new(ScalewaySDConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScrapeConfig) DeepCopyInto(out *ScrapeConfig) { *out = *in @@ -2320,6 +2451,20 @@ func (in *ScrapeConfigSpec) DeepCopyInto(out *ScrapeConfigSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ScalewaySDConfigs != nil { + in, out := &in.ScalewaySDConfigs, &out.ScalewaySDConfigs + *out = make([]ScalewaySDConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IonosSDConfigs != nil { + in, out := &in.IonosSDConfigs, &out.IonosSDConfigs + *out = make([]IonosSDConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.RelabelConfigs != nil { in, out := &in.RelabelConfigs, &out.RelabelConfigs *out = make([]monitoringv1.RelabelConfig, len(*in)) @@ -2398,6 +2543,11 @@ func (in *ScrapeConfigSpec) DeepCopyInto(out *ScrapeConfigSpec) { *out = new(monitoringv1.SafeAuthorization) (*in).DeepCopyInto(*out) } + if in.OAuth2 != nil { + in, out := &in.OAuth2, &out.OAuth2 + *out = new(monitoringv1.OAuth2) + (*in).DeepCopyInto(*out) + } if in.TLSConfig != nil { in, out := &in.TLSConfig, &out.TLSConfig *out = new(monitoringv1.SafeTLSConfig) @@ -2428,6 +2578,7 @@ func (in *ScrapeConfigSpec) DeepCopyInto(out *ScrapeConfigSpec) { *out = new(uint64) **out = **in } + in.NativeHistogramConfig.DeepCopyInto(&out.NativeHistogramConfig) if in.KeepDroppedTargets != nil { in, out := &in.KeepDroppedTargets, &out.KeepDroppedTargets *out = new(uint64) @@ -2572,7 +2723,7 @@ func (in *StaticConfig) DeepCopyInto(out *StaticConfig) { } if in.Labels != nil { in, out := &in.Labels, &out.Labels - *out = make(map[monitoringv1.LabelName]string, len(*in)) + *out = make(map[string]string, len(*in)) for key, val := range *in { (*out)[key] = val } diff --git a/pkg/apis/monitoring/v1beta1/alertmanager_config_types.go b/pkg/apis/monitoring/v1beta1/alertmanager_config_types.go index 7fd26eac4de..201b99c76e7 100644 --- a/pkg/apis/monitoring/v1beta1/alertmanager_config_types.go +++ b/pkg/apis/monitoring/v1beta1/alertmanager_config_types.go @@ -15,6 +15,7 @@ package v1beta1 import ( + "bytes" "encoding/json" "errors" "fmt" @@ -42,8 +43,9 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="amcfg" -// AlertmanagerConfig configures the Prometheus Alertmanager, -// specifying how alerts should be grouped, inhibited and notified to external systems. +// The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules. +// +// `Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors. type AlertmanagerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -142,7 +144,9 @@ func (r *Route) ChildRoutes() ([]Route, error) { out := make([]Route, len(r.Routes)) for i, v := range r.Routes { - if err := json.Unmarshal(v.Raw, &out[i]); err != nil { + dec := json.NewDecoder(bytes.NewBuffer(v.Raw)) + dec.DisallowUnknownFields() + if err := dec.Decode(&out[i]); err != nil { return nil, fmt.Errorf("route[%d]: %w", i, err) } } @@ -611,9 +615,16 @@ type HTTPConfig struct { // TLS configuration for the client. // +optional TLSConfig *monitoringv1.SafeTLSConfig `json:"tlsConfig,omitempty"` + // Optional proxy URL. + // + // If defined, this field takes precedence over `proxyUrl`. + // // +optional - ProxyURL string `json:"proxyURL,omitempty"` + ProxyURLOriginal *string `json:"proxyURL,omitempty"` + + monitoringv1.ProxyConfig `json:",inline"` + // FollowRedirects specifies whether the client should follow HTTP 3xx redirects. // +optional FollowRedirects *bool `json:"followRedirects,omitempty"` diff --git a/pkg/apis/monitoring/v1beta1/conversion_from.go b/pkg/apis/monitoring/v1beta1/conversion_from.go index 3b78bb66b67..6dfb984a07e 100644 --- a/pkg/apis/monitoring/v1beta1/conversion_from.go +++ b/pkg/apis/monitoring/v1beta1/conversion_from.go @@ -148,7 +148,8 @@ func convertHTTPConfigFrom(in *v1alpha1.HTTPConfig) *HTTPConfig { OAuth2: in.OAuth2, BearerTokenSecret: convertSecretKeySelectorFrom(in.BearerTokenSecret), TLSConfig: in.TLSConfig, - ProxyURL: in.ProxyURL, + ProxyURLOriginal: in.ProxyURLOriginal, + ProxyConfig: in.ProxyConfig, FollowRedirects: in.FollowRedirects, } } diff --git a/pkg/apis/monitoring/v1beta1/conversion_to.go b/pkg/apis/monitoring/v1beta1/conversion_to.go index 7c8e9088c82..de8c8251246 100644 --- a/pkg/apis/monitoring/v1beta1/conversion_to.go +++ b/pkg/apis/monitoring/v1beta1/conversion_to.go @@ -141,7 +141,8 @@ func convertHTTPConfigTo(in *HTTPConfig) *v1alpha1.HTTPConfig { OAuth2: in.OAuth2, BearerTokenSecret: convertSecretKeySelectorTo(in.BearerTokenSecret), TLSConfig: in.TLSConfig, - ProxyURL: in.ProxyURL, + ProxyURLOriginal: in.ProxyURLOriginal, + ProxyConfig: in.ProxyConfig, FollowRedirects: in.FollowRedirects, } } diff --git a/pkg/apis/monitoring/v1beta1/validation.go b/pkg/apis/monitoring/v1beta1/validation.go index 01e0322f277..1f5d1526054 100644 --- a/pkg/apis/monitoring/v1beta1/validation.go +++ b/pkg/apis/monitoring/v1beta1/validation.go @@ -61,6 +61,10 @@ func (hc *HTTPConfig) Validate() error { } } + if err := hc.ProxyConfig.Validate(); err != nil { + return err + } + return nil } diff --git a/pkg/apis/monitoring/v1beta1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1beta1/zz_generated.deepcopy.go index 7ed5e2bd886..d88bde07e67 100644 --- a/pkg/apis/monitoring/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1beta1/zz_generated.deepcopy.go @@ -244,6 +244,12 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) { *out = new(monitoringv1.SafeTLSConfig) (*in).DeepCopyInto(*out) } + if in.ProxyURLOriginal != nil { + in, out := &in.ProxyURLOriginal, &out.ProxyURLOriginal + *out = new(string) + **out = **in + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) if in.FollowRedirects != nil { in, out := &in.FollowRedirects, &out.FollowRedirects *out = new(bool) diff --git a/pkg/assets/interface.go b/pkg/assets/interface.go index 142d2d87fbe..b251ab125e0 100644 --- a/pkg/assets/interface.go +++ b/pkg/assets/interface.go @@ -26,4 +26,5 @@ type StoreGetter interface { GetSecretOrConfigMapKey(key monitoringv1.SecretOrConfigMap) (string, error) GetConfigMapKey(key v1.ConfigMapKeySelector) (string, error) GetSecretKey(key v1.SecretKeySelector) ([]byte, error) + TLSAsset(key interface{}) string } diff --git a/pkg/assets/store.go b/pkg/assets/store.go index 47a26b52065..b62d235fd32 100644 --- a/pkg/assets/store.go +++ b/pkg/assets/store.go @@ -101,16 +101,11 @@ func (s *StoreBuilder) AddBasicAuth(ctx context.Context, ns string, ba *monitori } // AddProxyConfig processes the given *ProxyConfig and adds the referenced credentials to the store. -func (s *StoreBuilder) AddProxyConfig(ctx context.Context, ns string, pc monitoringv1.ProxyConfig) error { - if len(pc.ProxyConnectHeader) <= 0 { - return nil - } - +func (s *StoreBuilder) AddProxyConfig(ctx context.Context, namespace string, pc monitoringv1.ProxyConfig) error { for k, v := range pc.ProxyConnectHeader { - for _, v1 := range v { - _, err := s.GetSecretKey(ctx, ns, v1) - if err != nil { - return fmt.Errorf("failed to get proxy config connect header: %s %w", k, err) + for index, sel := range v { + if _, err := s.GetSecretKey(ctx, namespace, sel); err != nil { + return fmt.Errorf("header[%s][%d]: %w", k, index, err) } } } @@ -138,6 +133,16 @@ func (s *StoreBuilder) AddOAuth2(ctx context.Context, ns string, oauth2 *monitor return fmt.Errorf("failed to get oauth2 client secret: %w", err) } + err = s.AddProxyConfig(ctx, ns, oauth2.ProxyConfig) + if err != nil { + return fmt.Errorf("failed to get oauth2 proxyConfig: %w", err) + } + + err = s.AddSafeTLSConfig(ctx, ns, oauth2.TLSConfig) + if err != nil { + return fmt.Errorf("failed to get oauth2 tlsConfig: %w", err) + } + return nil } @@ -368,3 +373,18 @@ func (cos *cacheOnlyStore) GetSecretOrConfigMapKey(key monitoringv1.SecretOrConf return "", nil } } + +func (cos *cacheOnlyStore) TLSAsset(sel interface{}) string { + var k tlsAssetKey + + switch v := sel.(type) { + case monitoringv1.SecretOrConfigMap: + k = tlsAssetKeyFromSelector(cos.ns, v) + case *v1.SecretKeySelector: + k = tlsAssetKeyFromSecretSelector(cos.ns, v) + default: + return "" + } + + return k.toString() +} diff --git a/pkg/assets/store_test.go b/pkg/assets/store_test.go index 5c6615f2ced..4d9175ef72e 100644 --- a/pkg/assets/store_test.go +++ b/pkg/assets/store_test.go @@ -265,6 +265,7 @@ func TestAddBasicAuth(t *testing.T) { require.Equal(t, tc.expectedUser, string(b), "expecting username value %q, got %q", tc.expectedUser, string(b)) }) } + } func TestProxyCongfig(t *testing.T) { @@ -342,24 +343,15 @@ func TestProxyCongfig(t *testing.T) { err := store.AddProxyConfig(context.Background(), tc.ns, proxyConfig) if tc.err { - if err == nil { - t.Fatal("expecting error, got no error") - } + require.Error(t, err) return } - if err != nil { - t.Fatalf("expecting no error, got %q", err) - } + require.NoError(t, err) b, err := store.ForNamespace(tc.ns).GetSecretKey(proxyConfig.ProxyConnectHeader["header"][0]) - if err != nil { - t.Fatalf("expecting no error, got %s", err) - } - - if string(b) != tc.selectedValue { - t.Fatalf("expecting value %q, got %q", tc.selectedValue, string(b)) - } + require.NoError(t, err) + require.Equal(t, tc.selectedValue, string(b)) }) } diff --git a/pkg/assets/tls.go b/pkg/assets/tls.go index 17dacab2e7e..1f3057039de 100644 --- a/pkg/assets/tls.go +++ b/pkg/assets/tls.go @@ -70,21 +70,6 @@ func tlsAssetKeyFromSelector(ns string, sel monitoringv1.SecretOrConfigMap) tlsA } } -func TLSAsset(ns string, sel interface{}) string { - var k tlsAssetKey - - switch v := sel.(type) { - case monitoringv1.SecretOrConfigMap: - k = tlsAssetKeyFromSelector(ns, v) - case *v1.SecretKeySelector: - k = tlsAssetKeyFromSecretSelector(ns, v) - default: - return "" - } - - return k.toString() -} - func (k tlsAssetKey) toString() string { return fmt.Sprintf("%d_%s_%s_%s", k.from, k.ns, k.name, k.key) } diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertingspec.go b/pkg/client/applyconfiguration/monitoring/v1/alertingspec.go index a35f80e0fe9..b66f6696782 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertingspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertingspec.go @@ -16,13 +16,13 @@ package v1 -// AlertingSpecApplyConfiguration represents an declarative configuration of the AlertingSpec type for use +// AlertingSpecApplyConfiguration represents a declarative configuration of the AlertingSpec type for use // with apply. type AlertingSpecApplyConfiguration struct { Alertmanagers []AlertmanagerEndpointsApplyConfiguration `json:"alertmanagers,omitempty"` } -// AlertingSpecApplyConfiguration constructs an declarative configuration of the AlertingSpec type for use with +// AlertingSpecApplyConfiguration constructs a declarative configuration of the AlertingSpec type for use with // apply. func AlertingSpec() *AlertingSpecApplyConfiguration { return &AlertingSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanager.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanager.go index 5df19c3b3a1..90ecebf3114 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanager.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanager.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// AlertmanagerApplyConfiguration represents an declarative configuration of the Alertmanager type for use +// AlertmanagerApplyConfiguration represents a declarative configuration of the Alertmanager type for use // with apply. type AlertmanagerApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -31,7 +31,7 @@ type AlertmanagerApplyConfiguration struct { Status *AlertmanagerStatusApplyConfiguration `json:"status,omitempty"` } -// Alertmanager constructs an declarative configuration of the Alertmanager type for use with +// Alertmanager constructs a declarative configuration of the Alertmanager type for use with // apply. func Alertmanager(name, namespace string) *AlertmanagerApplyConfiguration { b := &AlertmanagerApplyConfiguration{} @@ -215,3 +215,9 @@ func (b *AlertmanagerApplyConfiguration) WithStatus(value *AlertmanagerStatusApp b.Status = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *AlertmanagerApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfigmatcherstrategy.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfigmatcherstrategy.go index 5aa4c55bfaa..cd12d22a770 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfigmatcherstrategy.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfigmatcherstrategy.go @@ -16,13 +16,17 @@ package v1 -// AlertmanagerConfigMatcherStrategyApplyConfiguration represents an declarative configuration of the AlertmanagerConfigMatcherStrategy type for use +import ( + v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" +) + +// AlertmanagerConfigMatcherStrategyApplyConfiguration represents a declarative configuration of the AlertmanagerConfigMatcherStrategy type for use // with apply. type AlertmanagerConfigMatcherStrategyApplyConfiguration struct { - Type *string `json:"type,omitempty"` + Type *v1.AlertmanagerConfigMatcherStrategyType `json:"type,omitempty"` } -// AlertmanagerConfigMatcherStrategyApplyConfiguration constructs an declarative configuration of the AlertmanagerConfigMatcherStrategy type for use with +// AlertmanagerConfigMatcherStrategyApplyConfiguration constructs a declarative configuration of the AlertmanagerConfigMatcherStrategy type for use with // apply. func AlertmanagerConfigMatcherStrategy() *AlertmanagerConfigMatcherStrategyApplyConfiguration { return &AlertmanagerConfigMatcherStrategyApplyConfiguration{} @@ -31,7 +35,7 @@ func AlertmanagerConfigMatcherStrategy() *AlertmanagerConfigMatcherStrategyApply // WithType sets the Type field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Type field is set to the value of the last call. -func (b *AlertmanagerConfigMatcherStrategyApplyConfiguration) WithType(value string) *AlertmanagerConfigMatcherStrategyApplyConfiguration { +func (b *AlertmanagerConfigMatcherStrategyApplyConfiguration) WithType(value v1.AlertmanagerConfigMatcherStrategyType) *AlertmanagerConfigMatcherStrategyApplyConfiguration { b.Type = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfiguration.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfiguration.go index 42c3e39ad92..c6b866d1e13 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfiguration.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerconfiguration.go @@ -16,7 +16,7 @@ package v1 -// AlertmanagerConfigurationApplyConfiguration represents an declarative configuration of the AlertmanagerConfiguration type for use +// AlertmanagerConfigurationApplyConfiguration represents a declarative configuration of the AlertmanagerConfiguration type for use // with apply. type AlertmanagerConfigurationApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -24,7 +24,7 @@ type AlertmanagerConfigurationApplyConfiguration struct { Templates []SecretOrConfigMapApplyConfiguration `json:"templates,omitempty"` } -// AlertmanagerConfigurationApplyConfiguration constructs an declarative configuration of the AlertmanagerConfiguration type for use with +// AlertmanagerConfigurationApplyConfiguration constructs a declarative configuration of the AlertmanagerConfiguration type for use with // apply. func AlertmanagerConfiguration() *AlertmanagerConfigurationApplyConfiguration { return &AlertmanagerConfigurationApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerendpoints.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerendpoints.go index 8a351e4de89..63739e2b1e6 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerendpoints.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerendpoints.go @@ -21,7 +21,7 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) -// AlertmanagerEndpointsApplyConfiguration represents an declarative configuration of the AlertmanagerEndpoints type for use +// AlertmanagerEndpointsApplyConfiguration represents a declarative configuration of the AlertmanagerEndpoints type for use // with apply. type AlertmanagerEndpointsApplyConfiguration struct { Namespace *string `json:"namespace,omitempty"` @@ -41,7 +41,7 @@ type AlertmanagerEndpointsApplyConfiguration struct { AlertRelabelConfigs []RelabelConfigApplyConfiguration `json:"alertRelabelings,omitempty"` } -// AlertmanagerEndpointsApplyConfiguration constructs an declarative configuration of the AlertmanagerEndpoints type for use with +// AlertmanagerEndpointsApplyConfiguration constructs a declarative configuration of the AlertmanagerEndpoints type for use with // apply. func AlertmanagerEndpoints() *AlertmanagerEndpointsApplyConfiguration { return &AlertmanagerEndpointsApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go index 0a9ca6a8e5d..6bce11b36be 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go @@ -21,7 +21,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// AlertmanagerGlobalConfigApplyConfiguration represents an declarative configuration of the AlertmanagerGlobalConfig type for use +// AlertmanagerGlobalConfigApplyConfiguration represents a declarative configuration of the AlertmanagerGlobalConfig type for use // with apply. type AlertmanagerGlobalConfigApplyConfiguration struct { SMTPConfig *GlobalSMTPConfigApplyConfiguration `json:"smtp,omitempty"` @@ -33,7 +33,7 @@ type AlertmanagerGlobalConfigApplyConfiguration struct { PagerdutyURL *string `json:"pagerdutyUrl,omitempty"` } -// AlertmanagerGlobalConfigApplyConfiguration constructs an declarative configuration of the AlertmanagerGlobalConfig type for use with +// AlertmanagerGlobalConfigApplyConfiguration constructs a declarative configuration of the AlertmanagerGlobalConfig type for use with // apply. func AlertmanagerGlobalConfig() *AlertmanagerGlobalConfigApplyConfiguration { return &AlertmanagerGlobalConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go index c400fbd30c8..a3b89ceac03 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go @@ -22,7 +22,7 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// AlertmanagerSpecApplyConfiguration represents an declarative configuration of the AlertmanagerSpec type for use +// AlertmanagerSpecApplyConfiguration represents a declarative configuration of the AlertmanagerSpec type for use // with apply. type AlertmanagerSpecApplyConfiguration struct { PodMetadata *EmbeddedObjectMetadataApplyConfiguration `json:"podMetadata,omitempty"` @@ -52,6 +52,8 @@ type AlertmanagerSpecApplyConfiguration struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` ServiceAccountName *string `json:"serviceAccountName,omitempty"` ListenLocal *bool `json:"listenLocal,omitempty"` Containers []corev1.Container `json:"containers,omitempty"` @@ -66,8 +68,8 @@ type AlertmanagerSpecApplyConfiguration struct { PortName *string `json:"portName,omitempty"` ForceEnableClusterMode *bool `json:"forceEnableClusterMode,omitempty"` AlertmanagerConfigSelector *metav1.LabelSelectorApplyConfiguration `json:"alertmanagerConfigSelector,omitempty"` - AlertmanagerConfigMatcherStrategy *AlertmanagerConfigMatcherStrategyApplyConfiguration `json:"alertmanagerConfigMatcherStrategy,omitempty"` AlertmanagerConfigNamespaceSelector *metav1.LabelSelectorApplyConfiguration `json:"alertmanagerConfigNamespaceSelector,omitempty"` + AlertmanagerConfigMatcherStrategy *AlertmanagerConfigMatcherStrategyApplyConfiguration `json:"alertmanagerConfigMatcherStrategy,omitempty"` MinReadySeconds *uint32 `json:"minReadySeconds,omitempty"` HostAliases []HostAliasApplyConfiguration `json:"hostAliases,omitempty"` Web *AlertmanagerWebSpecApplyConfiguration `json:"web,omitempty"` @@ -76,7 +78,7 @@ type AlertmanagerSpecApplyConfiguration struct { EnableFeatures []string `json:"enableFeatures,omitempty"` } -// AlertmanagerSpecApplyConfiguration constructs an declarative configuration of the AlertmanagerSpec type for use with +// AlertmanagerSpecApplyConfiguration constructs a declarative configuration of the AlertmanagerSpec type for use with // apply. func AlertmanagerSpec() *AlertmanagerSpecApplyConfiguration { return &AlertmanagerSpecApplyConfiguration{} @@ -318,6 +320,22 @@ func (b *AlertmanagerSpecApplyConfiguration) WithSecurityContext(value corev1.Po return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *AlertmanagerSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *AlertmanagerSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *AlertmanagerSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *AlertmanagerSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ServiceAccountName field is set to the value of the last call. @@ -436,14 +454,6 @@ func (b *AlertmanagerSpecApplyConfiguration) WithAlertmanagerConfigSelector(valu return b } -// WithAlertmanagerConfigMatcherStrategy sets the AlertmanagerConfigMatcherStrategy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the AlertmanagerConfigMatcherStrategy field is set to the value of the last call. -func (b *AlertmanagerSpecApplyConfiguration) WithAlertmanagerConfigMatcherStrategy(value *AlertmanagerConfigMatcherStrategyApplyConfiguration) *AlertmanagerSpecApplyConfiguration { - b.AlertmanagerConfigMatcherStrategy = value - return b -} - // WithAlertmanagerConfigNamespaceSelector sets the AlertmanagerConfigNamespaceSelector field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the AlertmanagerConfigNamespaceSelector field is set to the value of the last call. @@ -452,6 +462,14 @@ func (b *AlertmanagerSpecApplyConfiguration) WithAlertmanagerConfigNamespaceSele return b } +// WithAlertmanagerConfigMatcherStrategy sets the AlertmanagerConfigMatcherStrategy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AlertmanagerConfigMatcherStrategy field is set to the value of the last call. +func (b *AlertmanagerSpecApplyConfiguration) WithAlertmanagerConfigMatcherStrategy(value *AlertmanagerConfigMatcherStrategyApplyConfiguration) *AlertmanagerSpecApplyConfiguration { + b.AlertmanagerConfigMatcherStrategy = value + return b +} + // WithMinReadySeconds sets the MinReadySeconds field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the MinReadySeconds field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerstatus.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerstatus.go index 8d449742a3e..f459945624d 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerstatus.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerstatus.go @@ -16,7 +16,7 @@ package v1 -// AlertmanagerStatusApplyConfiguration represents an declarative configuration of the AlertmanagerStatus type for use +// AlertmanagerStatusApplyConfiguration represents a declarative configuration of the AlertmanagerStatus type for use // with apply. type AlertmanagerStatusApplyConfiguration struct { Paused *bool `json:"paused,omitempty"` @@ -24,10 +24,11 @@ type AlertmanagerStatusApplyConfiguration struct { UpdatedReplicas *int32 `json:"updatedReplicas,omitempty"` AvailableReplicas *int32 `json:"availableReplicas,omitempty"` UnavailableReplicas *int32 `json:"unavailableReplicas,omitempty"` + Selector *string `json:"selector,omitempty"` Conditions []ConditionApplyConfiguration `json:"conditions,omitempty"` } -// AlertmanagerStatusApplyConfiguration constructs an declarative configuration of the AlertmanagerStatus type for use with +// AlertmanagerStatusApplyConfiguration constructs a declarative configuration of the AlertmanagerStatus type for use with // apply. func AlertmanagerStatus() *AlertmanagerStatusApplyConfiguration { return &AlertmanagerStatusApplyConfiguration{} @@ -73,6 +74,14 @@ func (b *AlertmanagerStatusApplyConfiguration) WithUnavailableReplicas(value int return b } +// WithSelector sets the Selector field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Selector field is set to the value of the last call. +func (b *AlertmanagerStatusApplyConfiguration) WithSelector(value string) *AlertmanagerStatusApplyConfiguration { + b.Selector = &value + return b +} + // WithConditions adds the given value to the Conditions field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Conditions field. diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerwebspec.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerwebspec.go index c70a2bee490..ac96fdd2a6f 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerwebspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerwebspec.go @@ -16,7 +16,7 @@ package v1 -// AlertmanagerWebSpecApplyConfiguration represents an declarative configuration of the AlertmanagerWebSpec type for use +// AlertmanagerWebSpecApplyConfiguration represents a declarative configuration of the AlertmanagerWebSpec type for use // with apply. type AlertmanagerWebSpecApplyConfiguration struct { WebConfigFileFieldsApplyConfiguration `json:",inline"` @@ -24,7 +24,7 @@ type AlertmanagerWebSpecApplyConfiguration struct { Timeout *uint32 `json:"timeout,omitempty"` } -// AlertmanagerWebSpecApplyConfiguration constructs an declarative configuration of the AlertmanagerWebSpec type for use with +// AlertmanagerWebSpecApplyConfiguration constructs a declarative configuration of the AlertmanagerWebSpec type for use with // apply. func AlertmanagerWebSpec() *AlertmanagerWebSpecApplyConfiguration { return &AlertmanagerWebSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/apiserverconfig.go b/pkg/client/applyconfiguration/monitoring/v1/apiserverconfig.go index 876ec608b89..fe9bb385830 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/apiserverconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/apiserverconfig.go @@ -16,7 +16,7 @@ package v1 -// APIServerConfigApplyConfiguration represents an declarative configuration of the APIServerConfig type for use +// APIServerConfigApplyConfiguration represents a declarative configuration of the APIServerConfig type for use // with apply. type APIServerConfigApplyConfiguration struct { Host *string `json:"host,omitempty"` @@ -27,7 +27,7 @@ type APIServerConfigApplyConfiguration struct { BearerToken *string `json:"bearerToken,omitempty"` } -// APIServerConfigApplyConfiguration constructs an declarative configuration of the APIServerConfig type for use with +// APIServerConfigApplyConfiguration constructs a declarative configuration of the APIServerConfig type for use with // apply. func APIServerConfig() *APIServerConfigApplyConfiguration { return &APIServerConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/arbitraryfsaccessthroughsmsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/arbitraryfsaccessthroughsmsconfig.go index c1e61bb1ee5..3c63d01a9b5 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/arbitraryfsaccessthroughsmsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/arbitraryfsaccessthroughsmsconfig.go @@ -16,13 +16,13 @@ package v1 -// ArbitraryFSAccessThroughSMsConfigApplyConfiguration represents an declarative configuration of the ArbitraryFSAccessThroughSMsConfig type for use +// ArbitraryFSAccessThroughSMsConfigApplyConfiguration represents a declarative configuration of the ArbitraryFSAccessThroughSMsConfig type for use // with apply. type ArbitraryFSAccessThroughSMsConfigApplyConfiguration struct { Deny *bool `json:"deny,omitempty"` } -// ArbitraryFSAccessThroughSMsConfigApplyConfiguration constructs an declarative configuration of the ArbitraryFSAccessThroughSMsConfig type for use with +// ArbitraryFSAccessThroughSMsConfigApplyConfiguration constructs a declarative configuration of the ArbitraryFSAccessThroughSMsConfig type for use with // apply. func ArbitraryFSAccessThroughSMsConfig() *ArbitraryFSAccessThroughSMsConfigApplyConfiguration { return &ArbitraryFSAccessThroughSMsConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/argument.go b/pkg/client/applyconfiguration/monitoring/v1/argument.go index 06dd31d42ea..f1d9b914552 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/argument.go +++ b/pkg/client/applyconfiguration/monitoring/v1/argument.go @@ -16,14 +16,14 @@ package v1 -// ArgumentApplyConfiguration represents an declarative configuration of the Argument type for use +// ArgumentApplyConfiguration represents a declarative configuration of the Argument type for use // with apply. type ArgumentApplyConfiguration struct { Name *string `json:"name,omitempty"` Value *string `json:"value,omitempty"` } -// ArgumentApplyConfiguration constructs an declarative configuration of the Argument type for use with +// ArgumentApplyConfiguration constructs a declarative configuration of the Argument type for use with // apply. func Argument() *ArgumentApplyConfiguration { return &ArgumentApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/attachmetadata.go b/pkg/client/applyconfiguration/monitoring/v1/attachmetadata.go index 293aa9d5e91..ff71219de95 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/attachmetadata.go +++ b/pkg/client/applyconfiguration/monitoring/v1/attachmetadata.go @@ -16,13 +16,13 @@ package v1 -// AttachMetadataApplyConfiguration represents an declarative configuration of the AttachMetadata type for use +// AttachMetadataApplyConfiguration represents a declarative configuration of the AttachMetadata type for use // with apply. type AttachMetadataApplyConfiguration struct { Node *bool `json:"node,omitempty"` } -// AttachMetadataApplyConfiguration constructs an declarative configuration of the AttachMetadata type for use with +// AttachMetadataApplyConfiguration constructs a declarative configuration of the AttachMetadata type for use with // apply. func AttachMetadata() *AttachMetadataApplyConfiguration { return &AttachMetadataApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/authorization.go b/pkg/client/applyconfiguration/monitoring/v1/authorization.go index 0b274055ebf..5978294e595 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/authorization.go +++ b/pkg/client/applyconfiguration/monitoring/v1/authorization.go @@ -20,14 +20,14 @@ import ( corev1 "k8s.io/api/core/v1" ) -// AuthorizationApplyConfiguration represents an declarative configuration of the Authorization type for use +// AuthorizationApplyConfiguration represents a declarative configuration of the Authorization type for use // with apply. type AuthorizationApplyConfiguration struct { SafeAuthorizationApplyConfiguration `json:",inline"` CredentialsFile *string `json:"credentialsFile,omitempty"` } -// AuthorizationApplyConfiguration constructs an declarative configuration of the Authorization type for use with +// AuthorizationApplyConfiguration constructs a declarative configuration of the Authorization type for use with // apply. func Authorization() *AuthorizationApplyConfiguration { return &AuthorizationApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/azuread.go b/pkg/client/applyconfiguration/monitoring/v1/azuread.go index 1c38e4c6b23..758881efe3b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/azuread.go +++ b/pkg/client/applyconfiguration/monitoring/v1/azuread.go @@ -16,7 +16,7 @@ package v1 -// AzureADApplyConfiguration represents an declarative configuration of the AzureAD type for use +// AzureADApplyConfiguration represents a declarative configuration of the AzureAD type for use // with apply. type AzureADApplyConfiguration struct { Cloud *string `json:"cloud,omitempty"` @@ -25,7 +25,7 @@ type AzureADApplyConfiguration struct { SDK *AzureSDKApplyConfiguration `json:"sdk,omitempty"` } -// AzureADApplyConfiguration constructs an declarative configuration of the AzureAD type for use with +// AzureADApplyConfiguration constructs a declarative configuration of the AzureAD type for use with // apply. func AzureAD() *AzureADApplyConfiguration { return &AzureADApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/azureoauth.go b/pkg/client/applyconfiguration/monitoring/v1/azureoauth.go index bb41b121d00..8ca031c983c 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/azureoauth.go +++ b/pkg/client/applyconfiguration/monitoring/v1/azureoauth.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// AzureOAuthApplyConfiguration represents an declarative configuration of the AzureOAuth type for use +// AzureOAuthApplyConfiguration represents a declarative configuration of the AzureOAuth type for use // with apply. type AzureOAuthApplyConfiguration struct { ClientID *string `json:"clientId,omitempty"` @@ -28,7 +28,7 @@ type AzureOAuthApplyConfiguration struct { TenantID *string `json:"tenantId,omitempty"` } -// AzureOAuthApplyConfiguration constructs an declarative configuration of the AzureOAuth type for use with +// AzureOAuthApplyConfiguration constructs a declarative configuration of the AzureOAuth type for use with // apply. func AzureOAuth() *AzureOAuthApplyConfiguration { return &AzureOAuthApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/azuresdk.go b/pkg/client/applyconfiguration/monitoring/v1/azuresdk.go index 2a366dd3134..51f71793de3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/azuresdk.go +++ b/pkg/client/applyconfiguration/monitoring/v1/azuresdk.go @@ -16,13 +16,13 @@ package v1 -// AzureSDKApplyConfiguration represents an declarative configuration of the AzureSDK type for use +// AzureSDKApplyConfiguration represents a declarative configuration of the AzureSDK type for use // with apply. type AzureSDKApplyConfiguration struct { TenantID *string `json:"tenantId,omitempty"` } -// AzureSDKApplyConfiguration constructs an declarative configuration of the AzureSDK type for use with +// AzureSDKApplyConfiguration constructs a declarative configuration of the AzureSDK type for use with // apply. func AzureSDK() *AzureSDKApplyConfiguration { return &AzureSDKApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/basicauth.go b/pkg/client/applyconfiguration/monitoring/v1/basicauth.go index b00f14f8528..ba02cab5bc0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/basicauth.go +++ b/pkg/client/applyconfiguration/monitoring/v1/basicauth.go @@ -20,14 +20,14 @@ import ( v1 "k8s.io/api/core/v1" ) -// BasicAuthApplyConfiguration represents an declarative configuration of the BasicAuth type for use +// BasicAuthApplyConfiguration represents a declarative configuration of the BasicAuth type for use // with apply. type BasicAuthApplyConfiguration struct { Username *v1.SecretKeySelector `json:"username,omitempty"` Password *v1.SecretKeySelector `json:"password,omitempty"` } -// BasicAuthApplyConfiguration constructs an declarative configuration of the BasicAuth type for use with +// BasicAuthApplyConfiguration constructs a declarative configuration of the BasicAuth type for use with // apply. func BasicAuth() *BasicAuthApplyConfiguration { return &BasicAuthApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go b/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go index 809d55addc6..8aa3d94c404 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go +++ b/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go @@ -23,7 +23,7 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// CommonPrometheusFieldsApplyConfiguration represents an declarative configuration of the CommonPrometheusFields type for use +// CommonPrometheusFieldsApplyConfiguration represents a declarative configuration of the CommonPrometheusFields type for use // with apply. type CommonPrometheusFieldsApplyConfiguration struct { PodMetadata *EmbeddedObjectMetadataApplyConfiguration `json:"podMetadata,omitempty"` @@ -51,6 +51,7 @@ type CommonPrometheusFieldsApplyConfiguration struct { ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` ExternalLabels map[string]string `json:"externalLabels,omitempty"` EnableRemoteWriteReceiver *bool `json:"enableRemoteWriteReceiver,omitempty"` + RemoteWriteReceiverMessageVersions []monitoringv1.RemoteWriteMessageVersion `json:"remoteWriteReceiverMessageVersions,omitempty"` EnableFeatures []monitoringv1.EnableFeature `json:"enableFeatures,omitempty"` ExternalURL *string `json:"externalUrl,omitempty"` RoutePrefix *string `json:"routePrefix,omitempty"` @@ -69,7 +70,10 @@ type CommonPrometheusFieldsApplyConfiguration struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` TopologySpreadConstraints []TopologySpreadConstraintApplyConfiguration `json:"topologySpreadConstraints,omitempty"` RemoteWrite []RemoteWriteSpecApplyConfiguration `json:"remoteWrite,omitempty"` + OTLP *OTLPConfigApplyConfiguration `json:"otlp,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` ListenLocal *bool `json:"listenLocal,omitempty"` Containers []corev1.Container `json:"containers,omitempty"` InitContainers []corev1.Container `json:"initContainers,omitempty"` @@ -107,9 +111,11 @@ type CommonPrometheusFieldsApplyConfiguration struct { ReloadStrategy *monitoringv1.ReloadStrategyType `json:"reloadStrategy,omitempty"` MaximumStartupDurationSeconds *int32 `json:"maximumStartupDurationSeconds,omitempty"` ScrapeClasses []ScrapeClassApplyConfiguration `json:"scrapeClasses,omitempty"` + ServiceDiscoveryRole *monitoringv1.ServiceDiscoveryRole `json:"serviceDiscoveryRole,omitempty"` + TSDB *TSDBSpecApplyConfiguration `json:"tsdb,omitempty"` } -// CommonPrometheusFieldsApplyConfiguration constructs an declarative configuration of the CommonPrometheusFields type for use with +// CommonPrometheusFieldsApplyConfiguration constructs a declarative configuration of the CommonPrometheusFields type for use with // apply. func CommonPrometheusFields() *CommonPrometheusFieldsApplyConfiguration { return &CommonPrometheusFieldsApplyConfiguration{} @@ -325,6 +331,16 @@ func (b *CommonPrometheusFieldsApplyConfiguration) WithEnableRemoteWriteReceiver return b } +// WithRemoteWriteReceiverMessageVersions adds the given value to the RemoteWriteReceiverMessageVersions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RemoteWriteReceiverMessageVersions field. +func (b *CommonPrometheusFieldsApplyConfiguration) WithRemoteWriteReceiverMessageVersions(values ...monitoringv1.RemoteWriteMessageVersion) *CommonPrometheusFieldsApplyConfiguration { + for i := range values { + b.RemoteWriteReceiverMessageVersions = append(b.RemoteWriteReceiverMessageVersions, values[i]) + } + return b +} + // WithEnableFeatures adds the given value to the EnableFeatures field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the EnableFeatures field. @@ -497,6 +513,14 @@ func (b *CommonPrometheusFieldsApplyConfiguration) WithRemoteWrite(values ...*Re return b } +// WithOTLP sets the OTLP field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OTLP field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithOTLP(value *OTLPConfigApplyConfiguration) *CommonPrometheusFieldsApplyConfiguration { + b.OTLP = value + return b +} + // WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SecurityContext field is set to the value of the last call. @@ -505,6 +529,22 @@ func (b *CommonPrometheusFieldsApplyConfiguration) WithSecurityContext(value cor return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *CommonPrometheusFieldsApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *CommonPrometheusFieldsApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. @@ -826,3 +866,19 @@ func (b *CommonPrometheusFieldsApplyConfiguration) WithScrapeClasses(values ...* } return b } + +// WithServiceDiscoveryRole sets the ServiceDiscoveryRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceDiscoveryRole field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithServiceDiscoveryRole(value monitoringv1.ServiceDiscoveryRole) *CommonPrometheusFieldsApplyConfiguration { + b.ServiceDiscoveryRole = &value + return b +} + +// WithTSDB sets the TSDB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSDB field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithTSDB(value *TSDBSpecApplyConfiguration) *CommonPrometheusFieldsApplyConfiguration { + b.TSDB = value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/condition.go b/pkg/client/applyconfiguration/monitoring/v1/condition.go index 11f02ee0605..880fc373513 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/condition.go +++ b/pkg/client/applyconfiguration/monitoring/v1/condition.go @@ -21,7 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// ConditionApplyConfiguration represents an declarative configuration of the Condition type for use +// ConditionApplyConfiguration represents a declarative configuration of the Condition type for use // with apply. type ConditionApplyConfiguration struct { Type *v1.ConditionType `json:"type,omitempty"` @@ -32,7 +32,7 @@ type ConditionApplyConfiguration struct { ObservedGeneration *int64 `json:"observedGeneration,omitempty"` } -// ConditionApplyConfiguration constructs an declarative configuration of the Condition type for use with +// ConditionApplyConfiguration constructs a declarative configuration of the Condition type for use with // apply. func Condition() *ConditionApplyConfiguration { return &ConditionApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/corev1topologyspreadconstraint.go b/pkg/client/applyconfiguration/monitoring/v1/corev1topologyspreadconstraint.go index 91ddfdf8771..72ed32108be 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/corev1topologyspreadconstraint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/corev1topologyspreadconstraint.go @@ -21,7 +21,7 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// CoreV1TopologySpreadConstraintApplyConfiguration represents an declarative configuration of the CoreV1TopologySpreadConstraint type for use +// CoreV1TopologySpreadConstraintApplyConfiguration represents a declarative configuration of the CoreV1TopologySpreadConstraint type for use // with apply. type CoreV1TopologySpreadConstraintApplyConfiguration struct { MaxSkew *int32 `json:"maxSkew,omitempty"` @@ -34,7 +34,7 @@ type CoreV1TopologySpreadConstraintApplyConfiguration struct { MatchLabelKeys []string `json:"matchLabelKeys,omitempty"` } -// CoreV1TopologySpreadConstraintApplyConfiguration constructs an declarative configuration of the CoreV1TopologySpreadConstraint type for use with +// CoreV1TopologySpreadConstraintApplyConfiguration constructs a declarative configuration of the CoreV1TopologySpreadConstraint type for use with // apply. func CoreV1TopologySpreadConstraint() *CoreV1TopologySpreadConstraintApplyConfiguration { return &CoreV1TopologySpreadConstraintApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/embeddedobjectmetadata.go b/pkg/client/applyconfiguration/monitoring/v1/embeddedobjectmetadata.go index 9005ab36c23..7258258d539 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/embeddedobjectmetadata.go +++ b/pkg/client/applyconfiguration/monitoring/v1/embeddedobjectmetadata.go @@ -16,7 +16,7 @@ package v1 -// EmbeddedObjectMetadataApplyConfiguration represents an declarative configuration of the EmbeddedObjectMetadata type for use +// EmbeddedObjectMetadataApplyConfiguration represents a declarative configuration of the EmbeddedObjectMetadata type for use // with apply. type EmbeddedObjectMetadataApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -24,7 +24,7 @@ type EmbeddedObjectMetadataApplyConfiguration struct { Annotations map[string]string `json:"annotations,omitempty"` } -// EmbeddedObjectMetadataApplyConfiguration constructs an declarative configuration of the EmbeddedObjectMetadata type for use with +// EmbeddedObjectMetadataApplyConfiguration constructs a declarative configuration of the EmbeddedObjectMetadata type for use with // apply. func EmbeddedObjectMetadata() *EmbeddedObjectMetadataApplyConfiguration { return &EmbeddedObjectMetadataApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/embeddedpersistentvolumeclaim.go b/pkg/client/applyconfiguration/monitoring/v1/embeddedpersistentvolumeclaim.go index ff6883a2088..2f8862a8ba4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/embeddedpersistentvolumeclaim.go +++ b/pkg/client/applyconfiguration/monitoring/v1/embeddedpersistentvolumeclaim.go @@ -21,7 +21,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// EmbeddedPersistentVolumeClaimApplyConfiguration represents an declarative configuration of the EmbeddedPersistentVolumeClaim type for use +// EmbeddedPersistentVolumeClaimApplyConfiguration represents a declarative configuration of the EmbeddedPersistentVolumeClaim type for use // with apply. type EmbeddedPersistentVolumeClaimApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type EmbeddedPersistentVolumeClaimApplyConfiguration struct { Status *corev1.PersistentVolumeClaimStatus `json:"status,omitempty"` } -// EmbeddedPersistentVolumeClaimApplyConfiguration constructs an declarative configuration of the EmbeddedPersistentVolumeClaim type for use with +// EmbeddedPersistentVolumeClaimApplyConfiguration constructs a declarative configuration of the EmbeddedPersistentVolumeClaim type for use with // apply. func EmbeddedPersistentVolumeClaim() *EmbeddedPersistentVolumeClaimApplyConfiguration { b := &EmbeddedPersistentVolumeClaimApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/endpoint.go b/pkg/client/applyconfiguration/monitoring/v1/endpoint.go index f3564ccf4c4..138abc534a4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/endpoint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/endpoint.go @@ -22,7 +22,7 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) -// EndpointApplyConfiguration represents an declarative configuration of the Endpoint type for use +// EndpointApplyConfiguration represents a declarative configuration of the Endpoint type for use // with apply. type EndpointApplyConfiguration struct { Port *string `json:"port,omitempty"` @@ -49,7 +49,7 @@ type EndpointApplyConfiguration struct { FilterRunning *bool `json:"filterRunning,omitempty"` } -// EndpointApplyConfiguration constructs an declarative configuration of the Endpoint type for use with +// EndpointApplyConfiguration constructs a declarative configuration of the Endpoint type for use with // apply. func Endpoint() *EndpointApplyConfiguration { return &EndpointApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/exemplars.go b/pkg/client/applyconfiguration/monitoring/v1/exemplars.go index 9d59e76157d..5fbd82890ca 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/exemplars.go +++ b/pkg/client/applyconfiguration/monitoring/v1/exemplars.go @@ -16,13 +16,13 @@ package v1 -// ExemplarsApplyConfiguration represents an declarative configuration of the Exemplars type for use +// ExemplarsApplyConfiguration represents a declarative configuration of the Exemplars type for use // with apply. type ExemplarsApplyConfiguration struct { MaxSize *int64 `json:"maxSize,omitempty"` } -// ExemplarsApplyConfiguration constructs an declarative configuration of the Exemplars type for use with +// ExemplarsApplyConfiguration constructs a declarative configuration of the Exemplars type for use with // apply. func Exemplars() *ExemplarsApplyConfiguration { return &ExemplarsApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/globalsmtpconfig.go b/pkg/client/applyconfiguration/monitoring/v1/globalsmtpconfig.go index 819d0df2550..37f8baf85df 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/globalsmtpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/globalsmtpconfig.go @@ -20,7 +20,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// GlobalSMTPConfigApplyConfiguration represents an declarative configuration of the GlobalSMTPConfig type for use +// GlobalSMTPConfigApplyConfiguration represents a declarative configuration of the GlobalSMTPConfig type for use // with apply. type GlobalSMTPConfigApplyConfiguration struct { From *string `json:"from,omitempty"` @@ -33,7 +33,7 @@ type GlobalSMTPConfigApplyConfiguration struct { RequireTLS *bool `json:"requireTLS,omitempty"` } -// GlobalSMTPConfigApplyConfiguration constructs an declarative configuration of the GlobalSMTPConfig type for use with +// GlobalSMTPConfigApplyConfiguration constructs a declarative configuration of the GlobalSMTPConfig type for use with // apply. func GlobalSMTPConfig() *GlobalSMTPConfigApplyConfiguration { return &GlobalSMTPConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/hostalias.go b/pkg/client/applyconfiguration/monitoring/v1/hostalias.go index d432e6be361..023503a5699 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/hostalias.go +++ b/pkg/client/applyconfiguration/monitoring/v1/hostalias.go @@ -16,14 +16,14 @@ package v1 -// HostAliasApplyConfiguration represents an declarative configuration of the HostAlias type for use +// HostAliasApplyConfiguration represents a declarative configuration of the HostAlias type for use // with apply. type HostAliasApplyConfiguration struct { IP *string `json:"ip,omitempty"` Hostnames []string `json:"hostnames,omitempty"` } -// HostAliasApplyConfiguration constructs an declarative configuration of the HostAlias type for use with +// HostAliasApplyConfiguration constructs a declarative configuration of the HostAlias type for use with // apply. func HostAlias() *HostAliasApplyConfiguration { return &HostAliasApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/hostport.go b/pkg/client/applyconfiguration/monitoring/v1/hostport.go index 418ad0546e3..ff4e143e0da 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/hostport.go +++ b/pkg/client/applyconfiguration/monitoring/v1/hostport.go @@ -16,14 +16,14 @@ package v1 -// HostPortApplyConfiguration represents an declarative configuration of the HostPort type for use +// HostPortApplyConfiguration represents a declarative configuration of the HostPort type for use // with apply. type HostPortApplyConfiguration struct { Host *string `json:"host,omitempty"` Port *string `json:"port,omitempty"` } -// HostPortApplyConfiguration constructs an declarative configuration of the HostPort type for use with +// HostPortApplyConfiguration constructs a declarative configuration of the HostPort type for use with // apply. func HostPort() *HostPortApplyConfiguration { return &HostPortApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go b/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go index 0a9c803768c..f05fb9f44ae 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go @@ -20,19 +20,19 @@ import ( corev1 "k8s.io/api/core/v1" ) -// HTTPConfigApplyConfiguration represents an declarative configuration of the HTTPConfig type for use +// HTTPConfigApplyConfiguration represents a declarative configuration of the HTTPConfig type for use // with apply. type HTTPConfigApplyConfiguration struct { - Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - ProxyURL *string `json:"proxyURL,omitempty"` - FollowRedirects *bool `json:"followRedirects,omitempty"` + Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + ProxyConfigApplyConfiguration `json:",inline"` + FollowRedirects *bool `json:"followRedirects,omitempty"` } -// HTTPConfigApplyConfiguration constructs an declarative configuration of the HTTPConfig type for use with +// HTTPConfigApplyConfiguration constructs a declarative configuration of the HTTPConfig type for use with // apply. func HTTPConfig() *HTTPConfigApplyConfiguration { return &HTTPConfigApplyConfiguration{} @@ -86,6 +86,36 @@ func (b *HTTPConfigApplyConfiguration) WithProxyURL(value string) *HTTPConfigApp return b } +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithNoProxy(value string) *HTTPConfigApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *HTTPConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *HTTPConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *HTTPConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} + // WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FollowRedirects field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/managedidentity.go b/pkg/client/applyconfiguration/monitoring/v1/managedidentity.go index a53988d92a6..d43d114dc15 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/managedidentity.go +++ b/pkg/client/applyconfiguration/monitoring/v1/managedidentity.go @@ -16,13 +16,13 @@ package v1 -// ManagedIdentityApplyConfiguration represents an declarative configuration of the ManagedIdentity type for use +// ManagedIdentityApplyConfiguration represents a declarative configuration of the ManagedIdentity type for use // with apply. type ManagedIdentityApplyConfiguration struct { ClientID *string `json:"clientId,omitempty"` } -// ManagedIdentityApplyConfiguration constructs an declarative configuration of the ManagedIdentity type for use with +// ManagedIdentityApplyConfiguration constructs a declarative configuration of the ManagedIdentity type for use with // apply. func ManagedIdentity() *ManagedIdentityApplyConfiguration { return &ManagedIdentityApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/metadataconfig.go b/pkg/client/applyconfiguration/monitoring/v1/metadataconfig.go index c9ec12704dc..884849dd8ef 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/metadataconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/metadataconfig.go @@ -20,14 +20,14 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// MetadataConfigApplyConfiguration represents an declarative configuration of the MetadataConfig type for use +// MetadataConfigApplyConfiguration represents a declarative configuration of the MetadataConfig type for use // with apply. type MetadataConfigApplyConfiguration struct { Send *bool `json:"send,omitempty"` SendInterval *v1.Duration `json:"sendInterval,omitempty"` } -// MetadataConfigApplyConfiguration constructs an declarative configuration of the MetadataConfig type for use with +// MetadataConfigApplyConfiguration constructs a declarative configuration of the MetadataConfig type for use with // apply. func MetadataConfig() *MetadataConfigApplyConfiguration { return &MetadataConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/namespaceselector.go b/pkg/client/applyconfiguration/monitoring/v1/namespaceselector.go index 2bea8f60013..ac3845a875a 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/namespaceselector.go +++ b/pkg/client/applyconfiguration/monitoring/v1/namespaceselector.go @@ -16,14 +16,14 @@ package v1 -// NamespaceSelectorApplyConfiguration represents an declarative configuration of the NamespaceSelector type for use +// NamespaceSelectorApplyConfiguration represents a declarative configuration of the NamespaceSelector type for use // with apply. type NamespaceSelectorApplyConfiguration struct { Any *bool `json:"any,omitempty"` MatchNames []string `json:"matchNames,omitempty"` } -// NamespaceSelectorApplyConfiguration constructs an declarative configuration of the NamespaceSelector type for use with +// NamespaceSelectorApplyConfiguration constructs a declarative configuration of the NamespaceSelector type for use with // apply. func NamespaceSelector() *NamespaceSelectorApplyConfiguration { return &NamespaceSelectorApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/nativehistogramconfig.go b/pkg/client/applyconfiguration/monitoring/v1/nativehistogramconfig.go new file mode 100644 index 00000000000..15df68b9613 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/nativehistogramconfig.go @@ -0,0 +1,59 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + resource "k8s.io/apimachinery/pkg/api/resource" +) + +// NativeHistogramConfigApplyConfiguration represents a declarative configuration of the NativeHistogramConfig type for use +// with apply. +type NativeHistogramConfigApplyConfiguration struct { + ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"` + NativeHistogramBucketLimit *uint64 `json:"nativeHistogramBucketLimit,omitempty"` + NativeHistogramMinBucketFactor *resource.Quantity `json:"nativeHistogramMinBucketFactor,omitempty"` +} + +// NativeHistogramConfigApplyConfiguration constructs a declarative configuration of the NativeHistogramConfig type for use with +// apply. +func NativeHistogramConfig() *NativeHistogramConfigApplyConfiguration { + return &NativeHistogramConfigApplyConfiguration{} +} + +// WithScrapeClassicHistograms sets the ScrapeClassicHistograms field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ScrapeClassicHistograms field is set to the value of the last call. +func (b *NativeHistogramConfigApplyConfiguration) WithScrapeClassicHistograms(value bool) *NativeHistogramConfigApplyConfiguration { + b.ScrapeClassicHistograms = &value + return b +} + +// WithNativeHistogramBucketLimit sets the NativeHistogramBucketLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramBucketLimit field is set to the value of the last call. +func (b *NativeHistogramConfigApplyConfiguration) WithNativeHistogramBucketLimit(value uint64) *NativeHistogramConfigApplyConfiguration { + b.NativeHistogramBucketLimit = &value + return b +} + +// WithNativeHistogramMinBucketFactor sets the NativeHistogramMinBucketFactor field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramMinBucketFactor field is set to the value of the last call. +func (b *NativeHistogramConfigApplyConfiguration) WithNativeHistogramMinBucketFactor(value resource.Quantity) *NativeHistogramConfigApplyConfiguration { + b.NativeHistogramMinBucketFactor = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/oauth2.go b/pkg/client/applyconfiguration/monitoring/v1/oauth2.go index a2a92da9b24..6489b956396 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/oauth2.go +++ b/pkg/client/applyconfiguration/monitoring/v1/oauth2.go @@ -20,17 +20,19 @@ import ( corev1 "k8s.io/api/core/v1" ) -// OAuth2ApplyConfiguration represents an declarative configuration of the OAuth2 type for use +// OAuth2ApplyConfiguration represents a declarative configuration of the OAuth2 type for use // with apply. type OAuth2ApplyConfiguration struct { - ClientID *SecretOrConfigMapApplyConfiguration `json:"clientId,omitempty"` - ClientSecret *corev1.SecretKeySelector `json:"clientSecret,omitempty"` - TokenURL *string `json:"tokenUrl,omitempty"` - Scopes []string `json:"scopes,omitempty"` - EndpointParams map[string]string `json:"endpointParams,omitempty"` + ClientID *SecretOrConfigMapApplyConfiguration `json:"clientId,omitempty"` + ClientSecret *corev1.SecretKeySelector `json:"clientSecret,omitempty"` + TokenURL *string `json:"tokenUrl,omitempty"` + Scopes []string `json:"scopes,omitempty"` + EndpointParams map[string]string `json:"endpointParams,omitempty"` + TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + ProxyConfigApplyConfiguration `json:",inline"` } -// OAuth2ApplyConfiguration constructs an declarative configuration of the OAuth2 type for use with +// OAuth2ApplyConfiguration constructs a declarative configuration of the OAuth2 type for use with // apply. func OAuth2() *OAuth2ApplyConfiguration { return &OAuth2ApplyConfiguration{} @@ -83,3 +85,49 @@ func (b *OAuth2ApplyConfiguration) WithEndpointParams(entries map[string]string) } return b } + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *OAuth2ApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithProxyURL(value string) *OAuth2ApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithNoProxy(value string) *OAuth2ApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithProxyFromEnvironment(value bool) *OAuth2ApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *OAuth2ApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *OAuth2ApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/objectreference.go b/pkg/client/applyconfiguration/monitoring/v1/objectreference.go index 8dc34333892..5bdf7ca8bd0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/objectreference.go +++ b/pkg/client/applyconfiguration/monitoring/v1/objectreference.go @@ -16,7 +16,7 @@ package v1 -// ObjectReferenceApplyConfiguration represents an declarative configuration of the ObjectReference type for use +// ObjectReferenceApplyConfiguration represents a declarative configuration of the ObjectReference type for use // with apply. type ObjectReferenceApplyConfiguration struct { Group *string `json:"group,omitempty"` @@ -25,7 +25,7 @@ type ObjectReferenceApplyConfiguration struct { Name *string `json:"name,omitempty"` } -// ObjectReferenceApplyConfiguration constructs an declarative configuration of the ObjectReference type for use with +// ObjectReferenceApplyConfiguration constructs a declarative configuration of the ObjectReference type for use with // apply. func ObjectReference() *ObjectReferenceApplyConfiguration { return &ObjectReferenceApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/otlpconfig.go b/pkg/client/applyconfiguration/monitoring/v1/otlpconfig.go new file mode 100644 index 00000000000..4b509309331 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/otlpconfig.go @@ -0,0 +1,39 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// OTLPConfigApplyConfiguration represents a declarative configuration of the OTLPConfig type for use +// with apply. +type OTLPConfigApplyConfiguration struct { + PromoteResourceAttributes []string `json:"promoteResourceAttributes,omitempty"` +} + +// OTLPConfigApplyConfiguration constructs a declarative configuration of the OTLPConfig type for use with +// apply. +func OTLPConfig() *OTLPConfigApplyConfiguration { + return &OTLPConfigApplyConfiguration{} +} + +// WithPromoteResourceAttributes adds the given value to the PromoteResourceAttributes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the PromoteResourceAttributes field. +func (b *OTLPConfigApplyConfiguration) WithPromoteResourceAttributes(values ...string) *OTLPConfigApplyConfiguration { + for i := range values { + b.PromoteResourceAttributes = append(b.PromoteResourceAttributes, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go new file mode 100644 index 00000000000..bc3d878f953 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go @@ -0,0 +1,64 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// PodDNSConfigApplyConfiguration represents a declarative configuration of the PodDNSConfig type for use +// with apply. +type PodDNSConfigApplyConfiguration struct { + Nameservers []string `json:"nameservers,omitempty"` + Searches []string `json:"searches,omitempty"` + Options []PodDNSConfigOptionApplyConfiguration `json:"options,omitempty"` +} + +// PodDNSConfigApplyConfiguration constructs a declarative configuration of the PodDNSConfig type for use with +// apply. +func PodDNSConfig() *PodDNSConfigApplyConfiguration { + return &PodDNSConfigApplyConfiguration{} +} + +// WithNameservers adds the given value to the Nameservers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Nameservers field. +func (b *PodDNSConfigApplyConfiguration) WithNameservers(values ...string) *PodDNSConfigApplyConfiguration { + for i := range values { + b.Nameservers = append(b.Nameservers, values[i]) + } + return b +} + +// WithSearches adds the given value to the Searches field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Searches field. +func (b *PodDNSConfigApplyConfiguration) WithSearches(values ...string) *PodDNSConfigApplyConfiguration { + for i := range values { + b.Searches = append(b.Searches, values[i]) + } + return b +} + +// WithOptions adds the given value to the Options field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Options field. +func (b *PodDNSConfigApplyConfiguration) WithOptions(values ...*PodDNSConfigOptionApplyConfiguration) *PodDNSConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOptions") + } + b.Options = append(b.Options, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go new file mode 100644 index 00000000000..ea47439543f --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go @@ -0,0 +1,46 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// PodDNSConfigOptionApplyConfiguration represents a declarative configuration of the PodDNSConfigOption type for use +// with apply. +type PodDNSConfigOptionApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Value *string `json:"value,omitempty"` +} + +// PodDNSConfigOptionApplyConfiguration constructs a declarative configuration of the PodDNSConfigOption type for use with +// apply. +func PodDNSConfigOption() *PodDNSConfigOptionApplyConfiguration { + return &PodDNSConfigOptionApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PodDNSConfigOptionApplyConfiguration) WithName(value string) *PodDNSConfigOptionApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *PodDNSConfigOptionApplyConfiguration) WithValue(value string) *PodDNSConfigOptionApplyConfiguration { + b.Value = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go index 7e824f66ea1..eb397df90b3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go @@ -22,7 +22,7 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) -// PodMetricsEndpointApplyConfiguration represents an declarative configuration of the PodMetricsEndpoint type for use +// PodMetricsEndpointApplyConfiguration represents a declarative configuration of the PodMetricsEndpoint type for use // with apply. type PodMetricsEndpointApplyConfiguration struct { Port *string `json:"port,omitempty"` @@ -48,7 +48,7 @@ type PodMetricsEndpointApplyConfiguration struct { FilterRunning *bool `json:"filterRunning,omitempty"` } -// PodMetricsEndpointApplyConfiguration constructs an declarative configuration of the PodMetricsEndpoint type for use with +// PodMetricsEndpointApplyConfiguration constructs a declarative configuration of the PodMetricsEndpoint type for use with // apply. func PodMetricsEndpoint() *PodMetricsEndpointApplyConfiguration { return &PodMetricsEndpointApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/podmonitor.go b/pkg/client/applyconfiguration/monitoring/v1/podmonitor.go index debd1415a30..f5059962e0e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/podmonitor.go +++ b/pkg/client/applyconfiguration/monitoring/v1/podmonitor.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PodMonitorApplyConfiguration represents an declarative configuration of the PodMonitor type for use +// PodMonitorApplyConfiguration represents a declarative configuration of the PodMonitor type for use // with apply. type PodMonitorApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type PodMonitorApplyConfiguration struct { Spec *PodMonitorSpecApplyConfiguration `json:"spec,omitempty"` } -// PodMonitor constructs an declarative configuration of the PodMonitor type for use with +// PodMonitor constructs a declarative configuration of the PodMonitor type for use with // apply. func PodMonitor(name, namespace string) *PodMonitorApplyConfiguration { b := &PodMonitorApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *PodMonitorApplyConfiguration) WithSpec(value *PodMonitorSpecApplyConfig b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *PodMonitorApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/podmonitorspec.go b/pkg/client/applyconfiguration/monitoring/v1/podmonitorspec.go index a2efa7f0ac5..d2e0a5cc69b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/podmonitorspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/podmonitorspec.go @@ -18,30 +18,32 @@ package v1 import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PodMonitorSpecApplyConfiguration represents an declarative configuration of the PodMonitorSpec type for use +// PodMonitorSpecApplyConfiguration represents a declarative configuration of the PodMonitorSpec type for use // with apply. type PodMonitorSpecApplyConfiguration struct { - JobLabel *string `json:"jobLabel,omitempty"` - PodTargetLabels []string `json:"podTargetLabels,omitempty"` - PodMetricsEndpoints []PodMetricsEndpointApplyConfiguration `json:"podMetricsEndpoints,omitempty"` - Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` - NamespaceSelector *NamespaceSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` - SampleLimit *uint64 `json:"sampleLimit,omitempty"` - TargetLimit *uint64 `json:"targetLimit,omitempty"` - ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` - LabelLimit *uint64 `json:"labelLimit,omitempty"` - LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` - LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` - KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` - AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` - ScrapeClassName *string `json:"scrapeClass,omitempty"` - BodySizeLimit *monitoringv1.ByteSize `json:"bodySizeLimit,omitempty"` -} - -// PodMonitorSpecApplyConfiguration constructs an declarative configuration of the PodMonitorSpec type for use with + JobLabel *string `json:"jobLabel,omitempty"` + PodTargetLabels []string `json:"podTargetLabels,omitempty"` + PodMetricsEndpoints []PodMetricsEndpointApplyConfiguration `json:"podMetricsEndpoints,omitempty"` + Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` + NamespaceSelector *NamespaceSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` + SampleLimit *uint64 `json:"sampleLimit,omitempty"` + TargetLimit *uint64 `json:"targetLimit,omitempty"` + ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` + LabelLimit *uint64 `json:"labelLimit,omitempty"` + LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` + LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + NativeHistogramConfigApplyConfiguration `json:",inline"` + KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` + AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` + ScrapeClassName *string `json:"scrapeClass,omitempty"` + BodySizeLimit *monitoringv1.ByteSize `json:"bodySizeLimit,omitempty"` +} + +// PodMonitorSpecApplyConfiguration constructs a declarative configuration of the PodMonitorSpec type for use with // apply. func PodMonitorSpec() *PodMonitorSpecApplyConfiguration { return &PodMonitorSpecApplyConfiguration{} @@ -144,6 +146,30 @@ func (b *PodMonitorSpecApplyConfiguration) WithLabelValueLengthLimit(value uint6 return b } +// WithScrapeClassicHistograms sets the ScrapeClassicHistograms field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ScrapeClassicHistograms field is set to the value of the last call. +func (b *PodMonitorSpecApplyConfiguration) WithScrapeClassicHistograms(value bool) *PodMonitorSpecApplyConfiguration { + b.ScrapeClassicHistograms = &value + return b +} + +// WithNativeHistogramBucketLimit sets the NativeHistogramBucketLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramBucketLimit field is set to the value of the last call. +func (b *PodMonitorSpecApplyConfiguration) WithNativeHistogramBucketLimit(value uint64) *PodMonitorSpecApplyConfiguration { + b.NativeHistogramBucketLimit = &value + return b +} + +// WithNativeHistogramMinBucketFactor sets the NativeHistogramMinBucketFactor field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramMinBucketFactor field is set to the value of the last call. +func (b *PodMonitorSpecApplyConfiguration) WithNativeHistogramMinBucketFactor(value resource.Quantity) *PodMonitorSpecApplyConfiguration { + b.NativeHistogramMinBucketFactor = &value + return b +} + // WithKeepDroppedTargets sets the KeepDroppedTargets field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the KeepDroppedTargets field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/probe.go b/pkg/client/applyconfiguration/monitoring/v1/probe.go index 464ab9485ac..f820b7617e3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probe.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probe.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ProbeApplyConfiguration represents an declarative configuration of the Probe type for use +// ProbeApplyConfiguration represents a declarative configuration of the Probe type for use // with apply. type ProbeApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type ProbeApplyConfiguration struct { Spec *ProbeSpecApplyConfiguration `json:"spec,omitempty"` } -// Probe constructs an declarative configuration of the Probe type for use with +// Probe constructs a declarative configuration of the Probe type for use with // apply. func Probe(name, namespace string) *ProbeApplyConfiguration { b := &ProbeApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *ProbeApplyConfiguration) WithSpec(value *ProbeSpecApplyConfiguration) * b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ProbeApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/proberspec.go b/pkg/client/applyconfiguration/monitoring/v1/proberspec.go index a9f85fa6830..9549276bac0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/proberspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/proberspec.go @@ -16,7 +16,7 @@ package v1 -// ProberSpecApplyConfiguration represents an declarative configuration of the ProberSpec type for use +// ProberSpecApplyConfiguration represents a declarative configuration of the ProberSpec type for use // with apply. type ProberSpecApplyConfiguration struct { URL *string `json:"url,omitempty"` @@ -25,7 +25,7 @@ type ProberSpecApplyConfiguration struct { ProxyURL *string `json:"proxyUrl,omitempty"` } -// ProberSpecApplyConfiguration constructs an declarative configuration of the ProberSpec type for use with +// ProberSpecApplyConfiguration constructs a declarative configuration of the ProberSpec type for use with // apply. func ProberSpec() *ProberSpecApplyConfiguration { return &ProberSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/probespec.go b/pkg/client/applyconfiguration/monitoring/v1/probespec.go index fb65ac8836a..cd65bf29b07 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probespec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probespec.go @@ -19,34 +19,36 @@ package v1 import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" + resource "k8s.io/apimachinery/pkg/api/resource" ) -// ProbeSpecApplyConfiguration represents an declarative configuration of the ProbeSpec type for use +// ProbeSpecApplyConfiguration represents a declarative configuration of the ProbeSpec type for use // with apply. type ProbeSpecApplyConfiguration struct { - JobName *string `json:"jobName,omitempty"` - ProberSpec *ProberSpecApplyConfiguration `json:"prober,omitempty"` - Module *string `json:"module,omitempty"` - Targets *ProbeTargetsApplyConfiguration `json:"targets,omitempty"` - Interval *monitoringv1.Duration `json:"interval,omitempty"` - ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` - TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` - Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - SampleLimit *uint64 `json:"sampleLimit,omitempty"` - TargetLimit *uint64 `json:"targetLimit,omitempty"` - ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` - LabelLimit *uint64 `json:"labelLimit,omitempty"` - LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` - LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` - KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` - ScrapeClassName *string `json:"scrapeClass,omitempty"` -} - -// ProbeSpecApplyConfiguration constructs an declarative configuration of the ProbeSpec type for use with + JobName *string `json:"jobName,omitempty"` + ProberSpec *ProberSpecApplyConfiguration `json:"prober,omitempty"` + Module *string `json:"module,omitempty"` + Targets *ProbeTargetsApplyConfiguration `json:"targets,omitempty"` + Interval *monitoringv1.Duration `json:"interval,omitempty"` + ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` + TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` + Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + SampleLimit *uint64 `json:"sampleLimit,omitempty"` + TargetLimit *uint64 `json:"targetLimit,omitempty"` + ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` + LabelLimit *uint64 `json:"labelLimit,omitempty"` + LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` + LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + NativeHistogramConfigApplyConfiguration `json:",inline"` + KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` + ScrapeClassName *string `json:"scrapeClass,omitempty"` +} + +// ProbeSpecApplyConfiguration constructs a declarative configuration of the ProbeSpec type for use with // apply. func ProbeSpec() *ProbeSpecApplyConfiguration { return &ProbeSpecApplyConfiguration{} @@ -203,6 +205,30 @@ func (b *ProbeSpecApplyConfiguration) WithLabelValueLengthLimit(value uint64) *P return b } +// WithScrapeClassicHistograms sets the ScrapeClassicHistograms field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ScrapeClassicHistograms field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithScrapeClassicHistograms(value bool) *ProbeSpecApplyConfiguration { + b.ScrapeClassicHistograms = &value + return b +} + +// WithNativeHistogramBucketLimit sets the NativeHistogramBucketLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramBucketLimit field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithNativeHistogramBucketLimit(value uint64) *ProbeSpecApplyConfiguration { + b.NativeHistogramBucketLimit = &value + return b +} + +// WithNativeHistogramMinBucketFactor sets the NativeHistogramMinBucketFactor field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramMinBucketFactor field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithNativeHistogramMinBucketFactor(value resource.Quantity) *ProbeSpecApplyConfiguration { + b.NativeHistogramMinBucketFactor = &value + return b +} + // WithKeepDroppedTargets sets the KeepDroppedTargets field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the KeepDroppedTargets field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/probetargetingress.go b/pkg/client/applyconfiguration/monitoring/v1/probetargetingress.go index 5881b902476..f57befc96d5 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probetargetingress.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probetargetingress.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ProbeTargetIngressApplyConfiguration represents an declarative configuration of the ProbeTargetIngress type for use +// ProbeTargetIngressApplyConfiguration represents a declarative configuration of the ProbeTargetIngress type for use // with apply. type ProbeTargetIngressApplyConfiguration struct { Selector *v1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` @@ -28,7 +28,7 @@ type ProbeTargetIngressApplyConfiguration struct { RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelingConfigs,omitempty"` } -// ProbeTargetIngressApplyConfiguration constructs an declarative configuration of the ProbeTargetIngress type for use with +// ProbeTargetIngressApplyConfiguration constructs a declarative configuration of the ProbeTargetIngress type for use with // apply. func ProbeTargetIngress() *ProbeTargetIngressApplyConfiguration { return &ProbeTargetIngressApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/probetargets.go b/pkg/client/applyconfiguration/monitoring/v1/probetargets.go index a1a2e1fdfa4..ffa5d07af49 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probetargets.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probetargets.go @@ -16,14 +16,14 @@ package v1 -// ProbeTargetsApplyConfiguration represents an declarative configuration of the ProbeTargets type for use +// ProbeTargetsApplyConfiguration represents a declarative configuration of the ProbeTargets type for use // with apply. type ProbeTargetsApplyConfiguration struct { StaticConfig *ProbeTargetStaticConfigApplyConfiguration `json:"staticConfig,omitempty"` Ingress *ProbeTargetIngressApplyConfiguration `json:"ingress,omitempty"` } -// ProbeTargetsApplyConfiguration constructs an declarative configuration of the ProbeTargets type for use with +// ProbeTargetsApplyConfiguration constructs a declarative configuration of the ProbeTargets type for use with // apply. func ProbeTargets() *ProbeTargetsApplyConfiguration { return &ProbeTargetsApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/probetargetstaticconfig.go b/pkg/client/applyconfiguration/monitoring/v1/probetargetstaticconfig.go index c7b4a8081e0..8ee5f23a74c 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probetargetstaticconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probetargetstaticconfig.go @@ -16,7 +16,7 @@ package v1 -// ProbeTargetStaticConfigApplyConfiguration represents an declarative configuration of the ProbeTargetStaticConfig type for use +// ProbeTargetStaticConfigApplyConfiguration represents a declarative configuration of the ProbeTargetStaticConfig type for use // with apply. type ProbeTargetStaticConfigApplyConfiguration struct { Targets []string `json:"static,omitempty"` @@ -24,7 +24,7 @@ type ProbeTargetStaticConfigApplyConfiguration struct { RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelingConfigs,omitempty"` } -// ProbeTargetStaticConfigApplyConfiguration constructs an declarative configuration of the ProbeTargetStaticConfig type for use with +// ProbeTargetStaticConfigApplyConfiguration constructs a declarative configuration of the ProbeTargetStaticConfig type for use with // apply. func ProbeTargetStaticConfig() *ProbeTargetStaticConfigApplyConfiguration { return &ProbeTargetStaticConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheus.go b/pkg/client/applyconfiguration/monitoring/v1/prometheus.go index 28a7b0df730..bd2b24b4986 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheus.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheus.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PrometheusApplyConfiguration represents an declarative configuration of the Prometheus type for use +// PrometheusApplyConfiguration represents a declarative configuration of the Prometheus type for use // with apply. type PrometheusApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -31,7 +31,7 @@ type PrometheusApplyConfiguration struct { Status *PrometheusStatusApplyConfiguration `json:"status,omitempty"` } -// Prometheus constructs an declarative configuration of the Prometheus type for use with +// Prometheus constructs a declarative configuration of the Prometheus type for use with // apply. func Prometheus(name, namespace string) *PrometheusApplyConfiguration { b := &PrometheusApplyConfiguration{} @@ -215,3 +215,9 @@ func (b *PrometheusApplyConfiguration) WithStatus(value *PrometheusStatusApplyCo b.Status = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *PrometheusApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusrule.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusrule.go index 9b6567f2bc2..fd99273494e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusrule.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusrule.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PrometheusRuleApplyConfiguration represents an declarative configuration of the PrometheusRule type for use +// PrometheusRuleApplyConfiguration represents a declarative configuration of the PrometheusRule type for use // with apply. type PrometheusRuleApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type PrometheusRuleApplyConfiguration struct { Spec *PrometheusRuleSpecApplyConfiguration `json:"spec,omitempty"` } -// PrometheusRule constructs an declarative configuration of the PrometheusRule type for use with +// PrometheusRule constructs a declarative configuration of the PrometheusRule type for use with // apply. func PrometheusRule(name, namespace string) *PrometheusRuleApplyConfiguration { b := &PrometheusRuleApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *PrometheusRuleApplyConfiguration) WithSpec(value *PrometheusRuleSpecApp b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *PrometheusRuleApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusruleexcludeconfig.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusruleexcludeconfig.go index a179af9c163..c5e22406565 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusruleexcludeconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusruleexcludeconfig.go @@ -16,14 +16,14 @@ package v1 -// PrometheusRuleExcludeConfigApplyConfiguration represents an declarative configuration of the PrometheusRuleExcludeConfig type for use +// PrometheusRuleExcludeConfigApplyConfiguration represents a declarative configuration of the PrometheusRuleExcludeConfig type for use // with apply. type PrometheusRuleExcludeConfigApplyConfiguration struct { RuleNamespace *string `json:"ruleNamespace,omitempty"` RuleName *string `json:"ruleName,omitempty"` } -// PrometheusRuleExcludeConfigApplyConfiguration constructs an declarative configuration of the PrometheusRuleExcludeConfig type for use with +// PrometheusRuleExcludeConfigApplyConfiguration constructs a declarative configuration of the PrometheusRuleExcludeConfig type for use with // apply. func PrometheusRuleExcludeConfig() *PrometheusRuleExcludeConfigApplyConfiguration { return &PrometheusRuleExcludeConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusrulespec.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusrulespec.go index b5387dd4afe..1994d5892a0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusrulespec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusrulespec.go @@ -16,13 +16,13 @@ package v1 -// PrometheusRuleSpecApplyConfiguration represents an declarative configuration of the PrometheusRuleSpec type for use +// PrometheusRuleSpecApplyConfiguration represents a declarative configuration of the PrometheusRuleSpec type for use // with apply. type PrometheusRuleSpecApplyConfiguration struct { Groups []RuleGroupApplyConfiguration `json:"groups,omitempty"` } -// PrometheusRuleSpecApplyConfiguration constructs an declarative configuration of the PrometheusRuleSpec type for use with +// PrometheusRuleSpecApplyConfiguration constructs a declarative configuration of the PrometheusRuleSpec type for use with // apply. func PrometheusRuleSpec() *PrometheusRuleSpecApplyConfiguration { return &PrometheusRuleSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go index 82dd8ffc318..97ac6135202 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go @@ -23,10 +23,11 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PrometheusSpecApplyConfiguration represents an declarative configuration of the PrometheusSpec type for use +// PrometheusSpecApplyConfiguration represents a declarative configuration of the PrometheusSpec type for use // with apply. type PrometheusSpecApplyConfiguration struct { CommonPrometheusFieldsApplyConfiguration `json:",inline"` + Runtime *RuntimeConfigApplyConfiguration `json:"runtime,omitempty"` BaseImage *string `json:"baseImage,omitempty"` Tag *string `json:"tag,omitempty"` SHA *string `json:"sha,omitempty"` @@ -47,11 +48,11 @@ type PrometheusSpecApplyConfiguration struct { AllowOverlappingBlocks *bool `json:"allowOverlappingBlocks,omitempty"` Exemplars *ExemplarsApplyConfiguration `json:"exemplars,omitempty"` EvaluationInterval *monitoringv1.Duration `json:"evaluationInterval,omitempty"` + RuleQueryOffset *monitoringv1.Duration `json:"ruleQueryOffset,omitempty"` EnableAdminAPI *bool `json:"enableAdminAPI,omitempty"` - TSDB *TSDBSpecApplyConfiguration `json:"tsdb,omitempty"` } -// PrometheusSpecApplyConfiguration constructs an declarative configuration of the PrometheusSpec type for use with +// PrometheusSpecApplyConfiguration constructs a declarative configuration of the PrometheusSpec type for use with // apply. func PrometheusSpec() *PrometheusSpecApplyConfiguration { return &PrometheusSpecApplyConfiguration{} @@ -267,6 +268,16 @@ func (b *PrometheusSpecApplyConfiguration) WithEnableRemoteWriteReceiver(value b return b } +// WithRemoteWriteReceiverMessageVersions adds the given value to the RemoteWriteReceiverMessageVersions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RemoteWriteReceiverMessageVersions field. +func (b *PrometheusSpecApplyConfiguration) WithRemoteWriteReceiverMessageVersions(values ...monitoringv1.RemoteWriteMessageVersion) *PrometheusSpecApplyConfiguration { + for i := range values { + b.RemoteWriteReceiverMessageVersions = append(b.RemoteWriteReceiverMessageVersions, values[i]) + } + return b +} + // WithEnableFeatures adds the given value to the EnableFeatures field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the EnableFeatures field. @@ -439,6 +450,14 @@ func (b *PrometheusSpecApplyConfiguration) WithRemoteWrite(values ...*RemoteWrit return b } +// WithOTLP sets the OTLP field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OTLP field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithOTLP(value *OTLPConfigApplyConfiguration) *PrometheusSpecApplyConfiguration { + b.OTLP = value + return b +} + // WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SecurityContext field is set to the value of the last call. @@ -447,6 +466,22 @@ func (b *PrometheusSpecApplyConfiguration) WithSecurityContext(value corev1.PodS return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *PrometheusSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *PrometheusSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. @@ -769,6 +804,30 @@ func (b *PrometheusSpecApplyConfiguration) WithScrapeClasses(values ...*ScrapeCl return b } +// WithServiceDiscoveryRole sets the ServiceDiscoveryRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceDiscoveryRole field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithServiceDiscoveryRole(value monitoringv1.ServiceDiscoveryRole) *PrometheusSpecApplyConfiguration { + b.ServiceDiscoveryRole = &value + return b +} + +// WithTSDB sets the TSDB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSDB field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithTSDB(value *TSDBSpecApplyConfiguration) *PrometheusSpecApplyConfiguration { + b.TSDB = value + return b +} + +// WithRuntime sets the Runtime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Runtime field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithRuntime(value *RuntimeConfigApplyConfiguration) *PrometheusSpecApplyConfiguration { + b.Runtime = value + return b +} + // WithBaseImage sets the BaseImage field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the BaseImage field is set to the value of the last call. @@ -939,18 +998,18 @@ func (b *PrometheusSpecApplyConfiguration) WithEvaluationInterval(value monitori return b } -// WithEnableAdminAPI sets the EnableAdminAPI field in the declarative configuration to the given value +// WithRuleQueryOffset sets the RuleQueryOffset field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the EnableAdminAPI field is set to the value of the last call. -func (b *PrometheusSpecApplyConfiguration) WithEnableAdminAPI(value bool) *PrometheusSpecApplyConfiguration { - b.EnableAdminAPI = &value +// If called multiple times, the RuleQueryOffset field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithRuleQueryOffset(value monitoringv1.Duration) *PrometheusSpecApplyConfiguration { + b.RuleQueryOffset = &value return b } -// WithTSDB sets the TSDB field in the declarative configuration to the given value +// WithEnableAdminAPI sets the EnableAdminAPI field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the TSDB field is set to the value of the last call. -func (b *PrometheusSpecApplyConfiguration) WithTSDB(value *TSDBSpecApplyConfiguration) *PrometheusSpecApplyConfiguration { - b.TSDB = value +// If called multiple times, the EnableAdminAPI field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithEnableAdminAPI(value bool) *PrometheusSpecApplyConfiguration { + b.EnableAdminAPI = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusstatus.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusstatus.go index 4cff63eb864..53f0c59e8c8 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusstatus.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusstatus.go @@ -16,7 +16,7 @@ package v1 -// PrometheusStatusApplyConfiguration represents an declarative configuration of the PrometheusStatus type for use +// PrometheusStatusApplyConfiguration represents a declarative configuration of the PrometheusStatus type for use // with apply. type PrometheusStatusApplyConfiguration struct { Paused *bool `json:"paused,omitempty"` @@ -30,7 +30,7 @@ type PrometheusStatusApplyConfiguration struct { Selector *string `json:"selector,omitempty"` } -// PrometheusStatusApplyConfiguration constructs an declarative configuration of the PrometheusStatus type for use with +// PrometheusStatusApplyConfiguration constructs a declarative configuration of the PrometheusStatus type for use with // apply. func PrometheusStatus() *PrometheusStatusApplyConfiguration { return &PrometheusStatusApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheustracingconfig.go b/pkg/client/applyconfiguration/monitoring/v1/prometheustracingconfig.go index b9957a72d0c..c3b5171581b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheustracingconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheustracingconfig.go @@ -21,7 +21,7 @@ import ( resource "k8s.io/apimachinery/pkg/api/resource" ) -// PrometheusTracingConfigApplyConfiguration represents an declarative configuration of the PrometheusTracingConfig type for use +// PrometheusTracingConfigApplyConfiguration represents a declarative configuration of the PrometheusTracingConfig type for use // with apply. type PrometheusTracingConfigApplyConfiguration struct { ClientType *string `json:"clientType,omitempty"` @@ -34,7 +34,7 @@ type PrometheusTracingConfigApplyConfiguration struct { TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// PrometheusTracingConfigApplyConfiguration constructs an declarative configuration of the PrometheusTracingConfig type for use with +// PrometheusTracingConfigApplyConfiguration constructs a declarative configuration of the PrometheusTracingConfig type for use with // apply. func PrometheusTracingConfig() *PrometheusTracingConfigApplyConfiguration { return &PrometheusTracingConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheuswebspec.go b/pkg/client/applyconfiguration/monitoring/v1/prometheuswebspec.go index 714556fa260..c312f0d0a9e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheuswebspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheuswebspec.go @@ -16,7 +16,7 @@ package v1 -// PrometheusWebSpecApplyConfiguration represents an declarative configuration of the PrometheusWebSpec type for use +// PrometheusWebSpecApplyConfiguration represents a declarative configuration of the PrometheusWebSpec type for use // with apply. type PrometheusWebSpecApplyConfiguration struct { WebConfigFileFieldsApplyConfiguration `json:",inline"` @@ -24,7 +24,7 @@ type PrometheusWebSpecApplyConfiguration struct { MaxConnections *int32 `json:"maxConnections,omitempty"` } -// PrometheusWebSpecApplyConfiguration constructs an declarative configuration of the PrometheusWebSpec type for use with +// PrometheusWebSpecApplyConfiguration constructs a declarative configuration of the PrometheusWebSpec type for use with // apply. func PrometheusWebSpec() *PrometheusWebSpecApplyConfiguration { return &PrometheusWebSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/proxyconfig.go b/pkg/client/applyconfiguration/monitoring/v1/proxyconfig.go index 21eef8243f3..9af4f9eecd5 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/proxyconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/proxyconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// ProxyConfigApplyConfiguration represents an declarative configuration of the ProxyConfig type for use +// ProxyConfigApplyConfiguration represents a declarative configuration of the ProxyConfig type for use // with apply. type ProxyConfigApplyConfiguration struct { ProxyURL *string `json:"proxyUrl,omitempty"` @@ -29,7 +29,7 @@ type ProxyConfigApplyConfiguration struct { ProxyConnectHeader map[string][]v1.SecretKeySelector `json:"proxyConnectHeader,omitempty"` } -// ProxyConfigApplyConfiguration constructs an declarative configuration of the ProxyConfig type for use with +// ProxyConfigApplyConfiguration constructs a declarative configuration of the ProxyConfig type for use with // apply. func ProxyConfig() *ProxyConfigApplyConfiguration { return &ProxyConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/queryspec.go b/pkg/client/applyconfiguration/monitoring/v1/queryspec.go index f3cef07283e..9634469ff17 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/queryspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/queryspec.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// QuerySpecApplyConfiguration represents an declarative configuration of the QuerySpec type for use +// QuerySpecApplyConfiguration represents a declarative configuration of the QuerySpec type for use // with apply. type QuerySpecApplyConfiguration struct { LookbackDelta *string `json:"lookbackDelta,omitempty"` @@ -29,7 +29,7 @@ type QuerySpecApplyConfiguration struct { Timeout *v1.Duration `json:"timeout,omitempty"` } -// QuerySpecApplyConfiguration constructs an declarative configuration of the QuerySpec type for use with +// QuerySpecApplyConfiguration constructs a declarative configuration of the QuerySpec type for use with // apply. func QuerySpec() *QuerySpecApplyConfiguration { return &QuerySpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/queueconfig.go b/pkg/client/applyconfiguration/monitoring/v1/queueconfig.go index b8f9953edf0..cede032ddc4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/queueconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/queueconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// QueueConfigApplyConfiguration represents an declarative configuration of the QueueConfig type for use +// QueueConfigApplyConfiguration represents a declarative configuration of the QueueConfig type for use // with apply. type QueueConfigApplyConfiguration struct { Capacity *int `json:"capacity,omitempty"` @@ -35,7 +35,7 @@ type QueueConfigApplyConfiguration struct { SampleAgeLimit *v1.Duration `json:"sampleAgeLimit,omitempty"` } -// QueueConfigApplyConfiguration constructs an declarative configuration of the QueueConfig type for use with +// QueueConfigApplyConfiguration constructs a declarative configuration of the QueueConfig type for use with // apply. func QueueConfig() *QueueConfigApplyConfiguration { return &QueueConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/relabelconfig.go b/pkg/client/applyconfiguration/monitoring/v1/relabelconfig.go index f52f4a3163e..d402e8ba231 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/relabelconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/relabelconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// RelabelConfigApplyConfiguration represents an declarative configuration of the RelabelConfig type for use +// RelabelConfigApplyConfiguration represents a declarative configuration of the RelabelConfig type for use // with apply. type RelabelConfigApplyConfiguration struct { SourceLabels []v1.LabelName `json:"sourceLabels,omitempty"` @@ -32,7 +32,7 @@ type RelabelConfigApplyConfiguration struct { Action *string `json:"action,omitempty"` } -// RelabelConfigApplyConfiguration constructs an declarative configuration of the RelabelConfig type for use with +// RelabelConfigApplyConfiguration constructs a declarative configuration of the RelabelConfig type for use with // apply. func RelabelConfig() *RelabelConfigApplyConfiguration { return &RelabelConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/remotereadspec.go b/pkg/client/applyconfiguration/monitoring/v1/remotereadspec.go index 1c4dd930ab7..612734ceffa 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/remotereadspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/remotereadspec.go @@ -21,7 +21,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// RemoteReadSpecApplyConfiguration represents an declarative configuration of the RemoteReadSpec type for use +// RemoteReadSpecApplyConfiguration represents a declarative configuration of the RemoteReadSpec type for use // with apply. type RemoteReadSpecApplyConfiguration struct { URL *string `json:"url,omitempty"` @@ -41,7 +41,7 @@ type RemoteReadSpecApplyConfiguration struct { FilterExternalLabels *bool `json:"filterExternalLabels,omitempty"` } -// RemoteReadSpecApplyConfiguration constructs an declarative configuration of the RemoteReadSpec type for use with +// RemoteReadSpecApplyConfiguration constructs a declarative configuration of the RemoteReadSpec type for use with // apply. func RemoteReadSpec() *RemoteReadSpecApplyConfiguration { return &RemoteReadSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/remotewritespec.go b/pkg/client/applyconfiguration/monitoring/v1/remotewritespec.go index 5aa71de8116..0fb019eb7a1 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/remotewritespec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/remotewritespec.go @@ -21,11 +21,12 @@ import ( corev1 "k8s.io/api/core/v1" ) -// RemoteWriteSpecApplyConfiguration represents an declarative configuration of the RemoteWriteSpec type for use +// RemoteWriteSpecApplyConfiguration represents a declarative configuration of the RemoteWriteSpec type for use // with apply. type RemoteWriteSpecApplyConfiguration struct { URL *string `json:"url,omitempty"` Name *string `json:"name,omitempty"` + MessageVersion *v1.RemoteWriteMessageVersion `json:"messageVersion,omitempty"` SendExemplars *bool `json:"sendExemplars,omitempty"` SendNativeHistograms *bool `json:"sendNativeHistograms,omitempty"` RemoteTimeout *v1.Duration `json:"remoteTimeout,omitempty"` @@ -46,7 +47,7 @@ type RemoteWriteSpecApplyConfiguration struct { EnableHttp2 *bool `json:"enableHTTP2,omitempty"` } -// RemoteWriteSpecApplyConfiguration constructs an declarative configuration of the RemoteWriteSpec type for use with +// RemoteWriteSpecApplyConfiguration constructs a declarative configuration of the RemoteWriteSpec type for use with // apply. func RemoteWriteSpec() *RemoteWriteSpecApplyConfiguration { return &RemoteWriteSpecApplyConfiguration{} @@ -68,6 +69,14 @@ func (b *RemoteWriteSpecApplyConfiguration) WithName(value string) *RemoteWriteS return b } +// WithMessageVersion sets the MessageVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MessageVersion field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithMessageVersion(value v1.RemoteWriteMessageVersion) *RemoteWriteSpecApplyConfiguration { + b.MessageVersion = &value + return b +} + // WithSendExemplars sets the SendExemplars field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SendExemplars field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/rule.go b/pkg/client/applyconfiguration/monitoring/v1/rule.go index 8cbc73c896a..82a25bfada0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/rule.go +++ b/pkg/client/applyconfiguration/monitoring/v1/rule.go @@ -21,7 +21,7 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) -// RuleApplyConfiguration represents an declarative configuration of the Rule type for use +// RuleApplyConfiguration represents a declarative configuration of the Rule type for use // with apply. type RuleApplyConfiguration struct { Record *string `json:"record,omitempty"` @@ -33,7 +33,7 @@ type RuleApplyConfiguration struct { Annotations map[string]string `json:"annotations,omitempty"` } -// RuleApplyConfiguration constructs an declarative configuration of the Rule type for use with +// RuleApplyConfiguration constructs a declarative configuration of the Rule type for use with // apply. func Rule() *RuleApplyConfiguration { return &RuleApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/rulegroup.go b/pkg/client/applyconfiguration/monitoring/v1/rulegroup.go index c2b5c52802e..1e69ac4fda6 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/rulegroup.go +++ b/pkg/client/applyconfiguration/monitoring/v1/rulegroup.go @@ -20,17 +20,18 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// RuleGroupApplyConfiguration represents an declarative configuration of the RuleGroup type for use +// RuleGroupApplyConfiguration represents a declarative configuration of the RuleGroup type for use // with apply. type RuleGroupApplyConfiguration struct { Name *string `json:"name,omitempty"` Interval *v1.Duration `json:"interval,omitempty"` + QueryOffset *v1.Duration `json:"query_offset,omitempty"` Rules []RuleApplyConfiguration `json:"rules,omitempty"` PartialResponseStrategy *string `json:"partial_response_strategy,omitempty"` Limit *int `json:"limit,omitempty"` } -// RuleGroupApplyConfiguration constructs an declarative configuration of the RuleGroup type for use with +// RuleGroupApplyConfiguration constructs a declarative configuration of the RuleGroup type for use with // apply. func RuleGroup() *RuleGroupApplyConfiguration { return &RuleGroupApplyConfiguration{} @@ -52,6 +53,14 @@ func (b *RuleGroupApplyConfiguration) WithInterval(value v1.Duration) *RuleGroup return b } +// WithQueryOffset sets the QueryOffset field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the QueryOffset field is set to the value of the last call. +func (b *RuleGroupApplyConfiguration) WithQueryOffset(value v1.Duration) *RuleGroupApplyConfiguration { + b.QueryOffset = &value + return b +} + // WithRules adds the given value to the Rules field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Rules field. diff --git a/pkg/client/applyconfiguration/monitoring/v1/rules.go b/pkg/client/applyconfiguration/monitoring/v1/rules.go index a9dcf982a04..1ae1e1f9f78 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/rules.go +++ b/pkg/client/applyconfiguration/monitoring/v1/rules.go @@ -16,13 +16,13 @@ package v1 -// RulesApplyConfiguration represents an declarative configuration of the Rules type for use +// RulesApplyConfiguration represents a declarative configuration of the Rules type for use // with apply. type RulesApplyConfiguration struct { Alert *RulesAlertApplyConfiguration `json:"alert,omitempty"` } -// RulesApplyConfiguration constructs an declarative configuration of the Rules type for use with +// RulesApplyConfiguration constructs a declarative configuration of the Rules type for use with // apply. func Rules() *RulesApplyConfiguration { return &RulesApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/rulesalert.go b/pkg/client/applyconfiguration/monitoring/v1/rulesalert.go index 8ad9ddbdde4..9428363f911 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/rulesalert.go +++ b/pkg/client/applyconfiguration/monitoring/v1/rulesalert.go @@ -16,7 +16,7 @@ package v1 -// RulesAlertApplyConfiguration represents an declarative configuration of the RulesAlert type for use +// RulesAlertApplyConfiguration represents a declarative configuration of the RulesAlert type for use // with apply. type RulesAlertApplyConfiguration struct { ForOutageTolerance *string `json:"forOutageTolerance,omitempty"` @@ -24,7 +24,7 @@ type RulesAlertApplyConfiguration struct { ResendDelay *string `json:"resendDelay,omitempty"` } -// RulesAlertApplyConfiguration constructs an declarative configuration of the RulesAlert type for use with +// RulesAlertApplyConfiguration constructs a declarative configuration of the RulesAlert type for use with // apply. func RulesAlert() *RulesAlertApplyConfiguration { return &RulesAlertApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/runtimeconfig.go b/pkg/client/applyconfiguration/monitoring/v1/runtimeconfig.go new file mode 100644 index 00000000000..2e65f6c75de --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/runtimeconfig.go @@ -0,0 +1,37 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// RuntimeConfigApplyConfiguration represents a declarative configuration of the RuntimeConfig type for use +// with apply. +type RuntimeConfigApplyConfiguration struct { + GoGC *int32 `json:"goGC,omitempty"` +} + +// RuntimeConfigApplyConfiguration constructs a declarative configuration of the RuntimeConfig type for use with +// apply. +func RuntimeConfig() *RuntimeConfigApplyConfiguration { + return &RuntimeConfigApplyConfiguration{} +} + +// WithGoGC sets the GoGC field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GoGC field is set to the value of the last call. +func (b *RuntimeConfigApplyConfiguration) WithGoGC(value int32) *RuntimeConfigApplyConfiguration { + b.GoGC = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/safeauthorization.go b/pkg/client/applyconfiguration/monitoring/v1/safeauthorization.go index 9a7967ee2be..fe5536f3bc2 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/safeauthorization.go +++ b/pkg/client/applyconfiguration/monitoring/v1/safeauthorization.go @@ -20,14 +20,14 @@ import ( v1 "k8s.io/api/core/v1" ) -// SafeAuthorizationApplyConfiguration represents an declarative configuration of the SafeAuthorization type for use +// SafeAuthorizationApplyConfiguration represents a declarative configuration of the SafeAuthorization type for use // with apply. type SafeAuthorizationApplyConfiguration struct { Type *string `json:"type,omitempty"` Credentials *v1.SecretKeySelector `json:"credentials,omitempty"` } -// SafeAuthorizationApplyConfiguration constructs an declarative configuration of the SafeAuthorization type for use with +// SafeAuthorizationApplyConfiguration constructs a declarative configuration of the SafeAuthorization type for use with // apply. func SafeAuthorization() *SafeAuthorizationApplyConfiguration { return &SafeAuthorizationApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/safetlsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/safetlsconfig.go index 9b5bde7d00a..dfc1cb31d9c 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/safetlsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/safetlsconfig.go @@ -17,10 +17,11 @@ package v1 import ( + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" ) -// SafeTLSConfigApplyConfiguration represents an declarative configuration of the SafeTLSConfig type for use +// SafeTLSConfigApplyConfiguration represents a declarative configuration of the SafeTLSConfig type for use // with apply. type SafeTLSConfigApplyConfiguration struct { CA *SecretOrConfigMapApplyConfiguration `json:"ca,omitempty"` @@ -28,9 +29,11 @@ type SafeTLSConfigApplyConfiguration struct { KeySecret *corev1.SecretKeySelector `json:"keySecret,omitempty"` ServerName *string `json:"serverName,omitempty"` InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` + MinVersion *monitoringv1.TLSVersion `json:"minVersion,omitempty"` + MaxVersion *monitoringv1.TLSVersion `json:"maxVersion,omitempty"` } -// SafeTLSConfigApplyConfiguration constructs an declarative configuration of the SafeTLSConfig type for use with +// SafeTLSConfigApplyConfiguration constructs a declarative configuration of the SafeTLSConfig type for use with // apply. func SafeTLSConfig() *SafeTLSConfigApplyConfiguration { return &SafeTLSConfigApplyConfiguration{} @@ -75,3 +78,19 @@ func (b *SafeTLSConfigApplyConfiguration) WithInsecureSkipVerify(value bool) *Sa b.InsecureSkipVerify = &value return b } + +// WithMinVersion sets the MinVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinVersion field is set to the value of the last call. +func (b *SafeTLSConfigApplyConfiguration) WithMinVersion(value monitoringv1.TLSVersion) *SafeTLSConfigApplyConfiguration { + b.MinVersion = &value + return b +} + +// WithMaxVersion sets the MaxVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxVersion field is set to the value of the last call. +func (b *SafeTLSConfigApplyConfiguration) WithMaxVersion(value monitoringv1.TLSVersion) *SafeTLSConfigApplyConfiguration { + b.MaxVersion = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/scrapeclass.go b/pkg/client/applyconfiguration/monitoring/v1/scrapeclass.go index e3e70808090..f4c07fa5332 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/scrapeclass.go +++ b/pkg/client/applyconfiguration/monitoring/v1/scrapeclass.go @@ -16,7 +16,7 @@ package v1 -// ScrapeClassApplyConfiguration represents an declarative configuration of the ScrapeClass type for use +// ScrapeClassApplyConfiguration represents a declarative configuration of the ScrapeClass type for use // with apply. type ScrapeClassApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -24,9 +24,10 @@ type ScrapeClassApplyConfiguration struct { TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` Relabelings []RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` MetricRelabelings []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` + AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` } -// ScrapeClassApplyConfiguration constructs an declarative configuration of the ScrapeClass type for use with +// ScrapeClassApplyConfiguration constructs a declarative configuration of the ScrapeClass type for use with // apply. func ScrapeClass() *ScrapeClassApplyConfiguration { return &ScrapeClassApplyConfiguration{} @@ -81,3 +82,11 @@ func (b *ScrapeClassApplyConfiguration) WithMetricRelabelings(values ...*Relabel } return b } + +// WithAttachMetadata sets the AttachMetadata field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AttachMetadata field is set to the value of the last call. +func (b *ScrapeClassApplyConfiguration) WithAttachMetadata(value *AttachMetadataApplyConfiguration) *ScrapeClassApplyConfiguration { + b.AttachMetadata = value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/secretorconfigmap.go b/pkg/client/applyconfiguration/monitoring/v1/secretorconfigmap.go index 4e633187d42..58445156fbf 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/secretorconfigmap.go +++ b/pkg/client/applyconfiguration/monitoring/v1/secretorconfigmap.go @@ -20,14 +20,14 @@ import ( v1 "k8s.io/api/core/v1" ) -// SecretOrConfigMapApplyConfiguration represents an declarative configuration of the SecretOrConfigMap type for use +// SecretOrConfigMapApplyConfiguration represents a declarative configuration of the SecretOrConfigMap type for use // with apply. type SecretOrConfigMapApplyConfiguration struct { Secret *v1.SecretKeySelector `json:"secret,omitempty"` ConfigMap *v1.ConfigMapKeySelector `json:"configMap,omitempty"` } -// SecretOrConfigMapApplyConfiguration constructs an declarative configuration of the SecretOrConfigMap type for use with +// SecretOrConfigMapApplyConfiguration constructs a declarative configuration of the SecretOrConfigMap type for use with // apply. func SecretOrConfigMap() *SecretOrConfigMapApplyConfiguration { return &SecretOrConfigMapApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/servicemonitor.go b/pkg/client/applyconfiguration/monitoring/v1/servicemonitor.go index 6b87ef476ea..04bb73bc76f 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/servicemonitor.go +++ b/pkg/client/applyconfiguration/monitoring/v1/servicemonitor.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ServiceMonitorApplyConfiguration represents an declarative configuration of the ServiceMonitor type for use +// ServiceMonitorApplyConfiguration represents a declarative configuration of the ServiceMonitor type for use // with apply. type ServiceMonitorApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type ServiceMonitorApplyConfiguration struct { Spec *ServiceMonitorSpecApplyConfiguration `json:"spec,omitempty"` } -// ServiceMonitor constructs an declarative configuration of the ServiceMonitor type for use with +// ServiceMonitor constructs a declarative configuration of the ServiceMonitor type for use with // apply. func ServiceMonitor(name, namespace string) *ServiceMonitorApplyConfiguration { b := &ServiceMonitorApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *ServiceMonitorApplyConfiguration) WithSpec(value *ServiceMonitorSpecApp b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ServiceMonitorApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/servicemonitorspec.go b/pkg/client/applyconfiguration/monitoring/v1/servicemonitorspec.go index 960faa850a2..9c3cf14d6ca 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/servicemonitorspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/servicemonitorspec.go @@ -18,31 +18,33 @@ package v1 import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ServiceMonitorSpecApplyConfiguration represents an declarative configuration of the ServiceMonitorSpec type for use +// ServiceMonitorSpecApplyConfiguration represents a declarative configuration of the ServiceMonitorSpec type for use // with apply. type ServiceMonitorSpecApplyConfiguration struct { - JobLabel *string `json:"jobLabel,omitempty"` - TargetLabels []string `json:"targetLabels,omitempty"` - PodTargetLabels []string `json:"podTargetLabels,omitempty"` - Endpoints []EndpointApplyConfiguration `json:"endpoints,omitempty"` - Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` - NamespaceSelector *NamespaceSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` - SampleLimit *uint64 `json:"sampleLimit,omitempty"` - ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` - TargetLimit *uint64 `json:"targetLimit,omitempty"` - LabelLimit *uint64 `json:"labelLimit,omitempty"` - LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` - LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` - KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` - AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` - ScrapeClassName *string `json:"scrapeClass,omitempty"` - BodySizeLimit *monitoringv1.ByteSize `json:"bodySizeLimit,omitempty"` -} - -// ServiceMonitorSpecApplyConfiguration constructs an declarative configuration of the ServiceMonitorSpec type for use with + JobLabel *string `json:"jobLabel,omitempty"` + TargetLabels []string `json:"targetLabels,omitempty"` + PodTargetLabels []string `json:"podTargetLabels,omitempty"` + Endpoints []EndpointApplyConfiguration `json:"endpoints,omitempty"` + Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` + NamespaceSelector *NamespaceSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` + SampleLimit *uint64 `json:"sampleLimit,omitempty"` + ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` + TargetLimit *uint64 `json:"targetLimit,omitempty"` + LabelLimit *uint64 `json:"labelLimit,omitempty"` + LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` + LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + NativeHistogramConfigApplyConfiguration `json:",inline"` + KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` + AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` + ScrapeClassName *string `json:"scrapeClass,omitempty"` + BodySizeLimit *monitoringv1.ByteSize `json:"bodySizeLimit,omitempty"` +} + +// ServiceMonitorSpecApplyConfiguration constructs a declarative configuration of the ServiceMonitorSpec type for use with // apply. func ServiceMonitorSpec() *ServiceMonitorSpecApplyConfiguration { return &ServiceMonitorSpecApplyConfiguration{} @@ -155,6 +157,30 @@ func (b *ServiceMonitorSpecApplyConfiguration) WithLabelValueLengthLimit(value u return b } +// WithScrapeClassicHistograms sets the ScrapeClassicHistograms field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ScrapeClassicHistograms field is set to the value of the last call. +func (b *ServiceMonitorSpecApplyConfiguration) WithScrapeClassicHistograms(value bool) *ServiceMonitorSpecApplyConfiguration { + b.ScrapeClassicHistograms = &value + return b +} + +// WithNativeHistogramBucketLimit sets the NativeHistogramBucketLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramBucketLimit field is set to the value of the last call. +func (b *ServiceMonitorSpecApplyConfiguration) WithNativeHistogramBucketLimit(value uint64) *ServiceMonitorSpecApplyConfiguration { + b.NativeHistogramBucketLimit = &value + return b +} + +// WithNativeHistogramMinBucketFactor sets the NativeHistogramMinBucketFactor field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramMinBucketFactor field is set to the value of the last call. +func (b *ServiceMonitorSpecApplyConfiguration) WithNativeHistogramMinBucketFactor(value resource.Quantity) *ServiceMonitorSpecApplyConfiguration { + b.NativeHistogramMinBucketFactor = &value + return b +} + // WithKeepDroppedTargets sets the KeepDroppedTargets field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the KeepDroppedTargets field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/shardstatus.go b/pkg/client/applyconfiguration/monitoring/v1/shardstatus.go index f595bac2bd3..dc99ebb0ce3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/shardstatus.go +++ b/pkg/client/applyconfiguration/monitoring/v1/shardstatus.go @@ -16,7 +16,7 @@ package v1 -// ShardStatusApplyConfiguration represents an declarative configuration of the ShardStatus type for use +// ShardStatusApplyConfiguration represents a declarative configuration of the ShardStatus type for use // with apply. type ShardStatusApplyConfiguration struct { ShardID *string `json:"shardID,omitempty"` @@ -26,7 +26,7 @@ type ShardStatusApplyConfiguration struct { UnavailableReplicas *int32 `json:"unavailableReplicas,omitempty"` } -// ShardStatusApplyConfiguration constructs an declarative configuration of the ShardStatus type for use with +// ShardStatusApplyConfiguration constructs a declarative configuration of the ShardStatus type for use with // apply. func ShardStatus() *ShardStatusApplyConfiguration { return &ShardStatusApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/sigv4.go b/pkg/client/applyconfiguration/monitoring/v1/sigv4.go index 65c29408639..1a00d5460b5 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/sigv4.go +++ b/pkg/client/applyconfiguration/monitoring/v1/sigv4.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// Sigv4ApplyConfiguration represents an declarative configuration of the Sigv4 type for use +// Sigv4ApplyConfiguration represents a declarative configuration of the Sigv4 type for use // with apply. type Sigv4ApplyConfiguration struct { Region *string `json:"region,omitempty"` @@ -30,7 +30,7 @@ type Sigv4ApplyConfiguration struct { RoleArn *string `json:"roleArn,omitempty"` } -// Sigv4ApplyConfiguration constructs an declarative configuration of the Sigv4 type for use with +// Sigv4ApplyConfiguration constructs a declarative configuration of the Sigv4 type for use with // apply. func Sigv4() *Sigv4ApplyConfiguration { return &Sigv4ApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/storagespec.go b/pkg/client/applyconfiguration/monitoring/v1/storagespec.go index 7817f8011ef..8d1ad2b981b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/storagespec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/storagespec.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// StorageSpecApplyConfiguration represents an declarative configuration of the StorageSpec type for use +// StorageSpecApplyConfiguration represents a declarative configuration of the StorageSpec type for use // with apply. type StorageSpecApplyConfiguration struct { DisableMountSubPath *bool `json:"disableMountSubPath,omitempty"` @@ -29,7 +29,7 @@ type StorageSpecApplyConfiguration struct { VolumeClaimTemplate *EmbeddedPersistentVolumeClaimApplyConfiguration `json:"volumeClaimTemplate,omitempty"` } -// StorageSpecApplyConfiguration constructs an declarative configuration of the StorageSpec type for use with +// StorageSpecApplyConfiguration constructs a declarative configuration of the StorageSpec type for use with // apply. func StorageSpec() *StorageSpecApplyConfiguration { return &StorageSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosruler.go b/pkg/client/applyconfiguration/monitoring/v1/thanosruler.go index fd80ebd74eb..c27b2f2693d 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosruler.go +++ b/pkg/client/applyconfiguration/monitoring/v1/thanosruler.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ThanosRulerApplyConfiguration represents an declarative configuration of the ThanosRuler type for use +// ThanosRulerApplyConfiguration represents a declarative configuration of the ThanosRuler type for use // with apply. type ThanosRulerApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -31,7 +31,7 @@ type ThanosRulerApplyConfiguration struct { Status *ThanosRulerStatusApplyConfiguration `json:"status,omitempty"` } -// ThanosRuler constructs an declarative configuration of the ThanosRuler type for use with +// ThanosRuler constructs a declarative configuration of the ThanosRuler type for use with // apply. func ThanosRuler(name, namespace string) *ThanosRulerApplyConfiguration { b := &ThanosRulerApplyConfiguration{} @@ -215,3 +215,9 @@ func (b *ThanosRulerApplyConfiguration) WithStatus(value *ThanosRulerStatusApply b.Status = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ThanosRulerApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go index cf76d2ea201..539b4598855 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go @@ -22,7 +22,7 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ThanosRulerSpecApplyConfiguration represents an declarative configuration of the ThanosRulerSpec type for use +// ThanosRulerSpecApplyConfiguration represents a declarative configuration of the ThanosRulerSpec type for use // with apply. type ThanosRulerSpecApplyConfiguration struct { Version *string `json:"version,omitempty"` @@ -38,6 +38,8 @@ type ThanosRulerSpecApplyConfiguration struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` PriorityClassName *string `json:"priorityClassName,omitempty"` ServiceAccountName *string `json:"serviceAccountName,omitempty"` Storage *StorageSpecApplyConfiguration `json:"storage,omitempty"` @@ -78,7 +80,7 @@ type ThanosRulerSpecApplyConfiguration struct { Web *ThanosRulerWebSpecApplyConfiguration `json:"web,omitempty"` } -// ThanosRulerSpecApplyConfiguration constructs an declarative configuration of the ThanosRulerSpec type for use with +// ThanosRulerSpecApplyConfiguration constructs a declarative configuration of the ThanosRulerSpec type for use with // apply. func ThanosRulerSpec() *ThanosRulerSpecApplyConfiguration { return &ThanosRulerSpecApplyConfiguration{} @@ -200,6 +202,22 @@ func (b *ThanosRulerSpecApplyConfiguration) WithSecurityContext(value corev1.Pod return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *ThanosRulerSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *ThanosRulerSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *ThanosRulerSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *ThanosRulerSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithPriorityClassName sets the PriorityClassName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PriorityClassName field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerstatus.go b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerstatus.go index dbd55d21b0d..e37031fb92e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerstatus.go +++ b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerstatus.go @@ -16,7 +16,7 @@ package v1 -// ThanosRulerStatusApplyConfiguration represents an declarative configuration of the ThanosRulerStatus type for use +// ThanosRulerStatusApplyConfiguration represents a declarative configuration of the ThanosRulerStatus type for use // with apply. type ThanosRulerStatusApplyConfiguration struct { Paused *bool `json:"paused,omitempty"` @@ -27,7 +27,7 @@ type ThanosRulerStatusApplyConfiguration struct { Conditions []ConditionApplyConfiguration `json:"conditions,omitempty"` } -// ThanosRulerStatusApplyConfiguration constructs an declarative configuration of the ThanosRulerStatus type for use with +// ThanosRulerStatusApplyConfiguration constructs a declarative configuration of the ThanosRulerStatus type for use with // apply. func ThanosRulerStatus() *ThanosRulerStatusApplyConfiguration { return &ThanosRulerStatusApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerwebspec.go b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerwebspec.go index 52e0aa586b1..f5b5cf11d97 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerwebspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerwebspec.go @@ -16,13 +16,13 @@ package v1 -// ThanosRulerWebSpecApplyConfiguration represents an declarative configuration of the ThanosRulerWebSpec type for use +// ThanosRulerWebSpecApplyConfiguration represents a declarative configuration of the ThanosRulerWebSpec type for use // with apply. type ThanosRulerWebSpecApplyConfiguration struct { WebConfigFileFieldsApplyConfiguration `json:",inline"` } -// ThanosRulerWebSpecApplyConfiguration constructs an declarative configuration of the ThanosRulerWebSpec type for use with +// ThanosRulerWebSpecApplyConfiguration constructs a declarative configuration of the ThanosRulerWebSpec type for use with // apply. func ThanosRulerWebSpec() *ThanosRulerWebSpecApplyConfiguration { return &ThanosRulerWebSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosspec.go b/pkg/client/applyconfiguration/monitoring/v1/thanosspec.go index 91e01109de4..55474ec6db4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/thanosspec.go @@ -21,7 +21,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// ThanosSpecApplyConfiguration represents an declarative configuration of the ThanosSpec type for use +// ThanosSpecApplyConfiguration represents a declarative configuration of the ThanosSpec type for use // with apply. type ThanosSpecApplyConfiguration struct { Image *string `json:"image,omitempty"` @@ -49,7 +49,7 @@ type ThanosSpecApplyConfiguration struct { AdditionalArgs []ArgumentApplyConfiguration `json:"additionalArgs,omitempty"` } -// ThanosSpecApplyConfiguration constructs an declarative configuration of the ThanosSpec type for use with +// ThanosSpecApplyConfiguration constructs a declarative configuration of the ThanosSpec type for use with // apply. func ThanosSpec() *ThanosSpecApplyConfiguration { return &ThanosSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/tlsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/tlsconfig.go index 6830ecc51fa..581b7145e0b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/tlsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/tlsconfig.go @@ -17,10 +17,11 @@ package v1 import ( + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" ) -// TLSConfigApplyConfiguration represents an declarative configuration of the TLSConfig type for use +// TLSConfigApplyConfiguration represents a declarative configuration of the TLSConfig type for use // with apply. type TLSConfigApplyConfiguration struct { SafeTLSConfigApplyConfiguration `json:",inline"` @@ -29,7 +30,7 @@ type TLSConfigApplyConfiguration struct { KeyFile *string `json:"keyFile,omitempty"` } -// TLSConfigApplyConfiguration constructs an declarative configuration of the TLSConfig type for use with +// TLSConfigApplyConfiguration constructs a declarative configuration of the TLSConfig type for use with // apply. func TLSConfig() *TLSConfigApplyConfiguration { return &TLSConfigApplyConfiguration{} @@ -75,6 +76,22 @@ func (b *TLSConfigApplyConfiguration) WithInsecureSkipVerify(value bool) *TLSCon return b } +// WithMinVersion sets the MinVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinVersion field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithMinVersion(value monitoringv1.TLSVersion) *TLSConfigApplyConfiguration { + b.MinVersion = &value + return b +} + +// WithMaxVersion sets the MaxVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxVersion field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithMaxVersion(value monitoringv1.TLSVersion) *TLSConfigApplyConfiguration { + b.MaxVersion = &value + return b +} + // WithCAFile sets the CAFile field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CAFile field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/topologyspreadconstraint.go b/pkg/client/applyconfiguration/monitoring/v1/topologyspreadconstraint.go index 8ce14df5ae8..6d02a7b4e26 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/topologyspreadconstraint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/topologyspreadconstraint.go @@ -22,14 +22,14 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// TopologySpreadConstraintApplyConfiguration represents an declarative configuration of the TopologySpreadConstraint type for use +// TopologySpreadConstraintApplyConfiguration represents a declarative configuration of the TopologySpreadConstraint type for use // with apply. type TopologySpreadConstraintApplyConfiguration struct { CoreV1TopologySpreadConstraintApplyConfiguration `json:",inline"` AdditionalLabelSelectors *monitoringv1.AdditionalLabelSelectors `json:"additionalLabelSelectors,omitempty"` } -// TopologySpreadConstraintApplyConfiguration constructs an declarative configuration of the TopologySpreadConstraint type for use with +// TopologySpreadConstraintApplyConfiguration constructs a declarative configuration of the TopologySpreadConstraint type for use with // apply. func TopologySpreadConstraint() *TopologySpreadConstraintApplyConfiguration { return &TopologySpreadConstraintApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/tsdbspec.go b/pkg/client/applyconfiguration/monitoring/v1/tsdbspec.go index fffda73cdeb..ff1836b6ff0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/tsdbspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/tsdbspec.go @@ -20,13 +20,13 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// TSDBSpecApplyConfiguration represents an declarative configuration of the TSDBSpec type for use +// TSDBSpecApplyConfiguration represents a declarative configuration of the TSDBSpec type for use // with apply. type TSDBSpecApplyConfiguration struct { OutOfOrderTimeWindow *v1.Duration `json:"outOfOrderTimeWindow,omitempty"` } -// TSDBSpecApplyConfiguration constructs an declarative configuration of the TSDBSpec type for use with +// TSDBSpecApplyConfiguration constructs a declarative configuration of the TSDBSpec type for use with // apply. func TSDBSpec() *TSDBSpecApplyConfiguration { return &TSDBSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/webconfigfilefields.go b/pkg/client/applyconfiguration/monitoring/v1/webconfigfilefields.go index ed0e0792d09..0c37e74cc01 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/webconfigfilefields.go +++ b/pkg/client/applyconfiguration/monitoring/v1/webconfigfilefields.go @@ -16,14 +16,14 @@ package v1 -// WebConfigFileFieldsApplyConfiguration represents an declarative configuration of the WebConfigFileFields type for use +// WebConfigFileFieldsApplyConfiguration represents a declarative configuration of the WebConfigFileFields type for use // with apply. type WebConfigFileFieldsApplyConfiguration struct { TLSConfig *WebTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` HTTPConfig *WebHTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// WebConfigFileFieldsApplyConfiguration constructs an declarative configuration of the WebConfigFileFields type for use with +// WebConfigFileFieldsApplyConfiguration constructs a declarative configuration of the WebConfigFileFields type for use with // apply. func WebConfigFileFields() *WebConfigFileFieldsApplyConfiguration { return &WebConfigFileFieldsApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/webhttpconfig.go b/pkg/client/applyconfiguration/monitoring/v1/webhttpconfig.go index b58aa6a9018..1f7f130d463 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/webhttpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/webhttpconfig.go @@ -16,14 +16,14 @@ package v1 -// WebHTTPConfigApplyConfiguration represents an declarative configuration of the WebHTTPConfig type for use +// WebHTTPConfigApplyConfiguration represents a declarative configuration of the WebHTTPConfig type for use // with apply. type WebHTTPConfigApplyConfiguration struct { HTTP2 *bool `json:"http2,omitempty"` Headers *WebHTTPHeadersApplyConfiguration `json:"headers,omitempty"` } -// WebHTTPConfigApplyConfiguration constructs an declarative configuration of the WebHTTPConfig type for use with +// WebHTTPConfigApplyConfiguration constructs a declarative configuration of the WebHTTPConfig type for use with // apply. func WebHTTPConfig() *WebHTTPConfigApplyConfiguration { return &WebHTTPConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/webhttpheaders.go b/pkg/client/applyconfiguration/monitoring/v1/webhttpheaders.go index 0650767b1db..483b88d4945 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/webhttpheaders.go +++ b/pkg/client/applyconfiguration/monitoring/v1/webhttpheaders.go @@ -16,7 +16,7 @@ package v1 -// WebHTTPHeadersApplyConfiguration represents an declarative configuration of the WebHTTPHeaders type for use +// WebHTTPHeadersApplyConfiguration represents a declarative configuration of the WebHTTPHeaders type for use // with apply. type WebHTTPHeadersApplyConfiguration struct { ContentSecurityPolicy *string `json:"contentSecurityPolicy,omitempty"` @@ -26,7 +26,7 @@ type WebHTTPHeadersApplyConfiguration struct { StrictTransportSecurity *string `json:"strictTransportSecurity,omitempty"` } -// WebHTTPHeadersApplyConfiguration constructs an declarative configuration of the WebHTTPHeaders type for use with +// WebHTTPHeadersApplyConfiguration constructs a declarative configuration of the WebHTTPHeaders type for use with // apply. func WebHTTPHeaders() *WebHTTPHeadersApplyConfiguration { return &WebHTTPHeadersApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1/webtlsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/webtlsconfig.go index 8bfd1f4c99b..690b468592e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/webtlsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/webtlsconfig.go @@ -17,37 +17,32 @@ package v1 import ( - v1 "k8s.io/api/core/v1" + corev1 "k8s.io/api/core/v1" ) -// WebTLSConfigApplyConfiguration represents an declarative configuration of the WebTLSConfig type for use +// WebTLSConfigApplyConfiguration represents a declarative configuration of the WebTLSConfig type for use // with apply. type WebTLSConfigApplyConfiguration struct { - KeySecret *v1.SecretKeySelector `json:"keySecret,omitempty"` Cert *SecretOrConfigMapApplyConfiguration `json:"cert,omitempty"` - ClientAuthType *string `json:"clientAuthType,omitempty"` ClientCA *SecretOrConfigMapApplyConfiguration `json:"client_ca,omitempty"` + KeySecret *corev1.SecretKeySelector `json:"keySecret,omitempty"` + ClientAuthType *string `json:"clientAuthType,omitempty"` MinVersion *string `json:"minVersion,omitempty"` MaxVersion *string `json:"maxVersion,omitempty"` CipherSuites []string `json:"cipherSuites,omitempty"` PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"` CurvePreferences []string `json:"curvePreferences,omitempty"` + KeyFile *string `json:"keyFile,omitempty"` + CertFile *string `json:"certFile,omitempty"` + ClientCAFile *string `json:"clientCAFile,omitempty"` } -// WebTLSConfigApplyConfiguration constructs an declarative configuration of the WebTLSConfig type for use with +// WebTLSConfigApplyConfiguration constructs a declarative configuration of the WebTLSConfig type for use with // apply. func WebTLSConfig() *WebTLSConfigApplyConfiguration { return &WebTLSConfigApplyConfiguration{} } -// WithKeySecret sets the KeySecret field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the KeySecret field is set to the value of the last call. -func (b *WebTLSConfigApplyConfiguration) WithKeySecret(value v1.SecretKeySelector) *WebTLSConfigApplyConfiguration { - b.KeySecret = &value - return b -} - // WithCert sets the Cert field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Cert field is set to the value of the last call. @@ -56,14 +51,6 @@ func (b *WebTLSConfigApplyConfiguration) WithCert(value *SecretOrConfigMapApplyC return b } -// WithClientAuthType sets the ClientAuthType field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ClientAuthType field is set to the value of the last call. -func (b *WebTLSConfigApplyConfiguration) WithClientAuthType(value string) *WebTLSConfigApplyConfiguration { - b.ClientAuthType = &value - return b -} - // WithClientCA sets the ClientCA field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ClientCA field is set to the value of the last call. @@ -72,6 +59,22 @@ func (b *WebTLSConfigApplyConfiguration) WithClientCA(value *SecretOrConfigMapAp return b } +// WithKeySecret sets the KeySecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeySecret field is set to the value of the last call. +func (b *WebTLSConfigApplyConfiguration) WithKeySecret(value corev1.SecretKeySelector) *WebTLSConfigApplyConfiguration { + b.KeySecret = &value + return b +} + +// WithClientAuthType sets the ClientAuthType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientAuthType field is set to the value of the last call. +func (b *WebTLSConfigApplyConfiguration) WithClientAuthType(value string) *WebTLSConfigApplyConfiguration { + b.ClientAuthType = &value + return b +} + // WithMinVersion sets the MinVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the MinVersion field is set to the value of the last call. @@ -115,3 +118,27 @@ func (b *WebTLSConfigApplyConfiguration) WithCurvePreferences(values ...string) } return b } + +// WithKeyFile sets the KeyFile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeyFile field is set to the value of the last call. +func (b *WebTLSConfigApplyConfiguration) WithKeyFile(value string) *WebTLSConfigApplyConfiguration { + b.KeyFile = &value + return b +} + +// WithCertFile sets the CertFile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertFile field is set to the value of the last call. +func (b *WebTLSConfigApplyConfiguration) WithCertFile(value string) *WebTLSConfigApplyConfiguration { + b.CertFile = &value + return b +} + +// WithClientCAFile sets the ClientCAFile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCAFile field is set to the value of the last call. +func (b *WebTLSConfigApplyConfiguration) WithClientCAFile(value string) *WebTLSConfigApplyConfiguration { + b.ClientCAFile = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfig.go index 62eb676c6da..ba6904c72da 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// AlertmanagerConfigApplyConfiguration represents an declarative configuration of the AlertmanagerConfig type for use +// AlertmanagerConfigApplyConfiguration represents a declarative configuration of the AlertmanagerConfig type for use // with apply. type AlertmanagerConfigApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type AlertmanagerConfigApplyConfiguration struct { Spec *AlertmanagerConfigSpecApplyConfiguration `json:"spec,omitempty"` } -// AlertmanagerConfig constructs an declarative configuration of the AlertmanagerConfig type for use with +// AlertmanagerConfig constructs a declarative configuration of the AlertmanagerConfig type for use with // apply. func AlertmanagerConfig(name, namespace string) *AlertmanagerConfigApplyConfiguration { b := &AlertmanagerConfigApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *AlertmanagerConfigApplyConfiguration) WithSpec(value *AlertmanagerConfi b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *AlertmanagerConfigApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfigspec.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfigspec.go index f0eae4765e4..5f56465bcdf 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfigspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/alertmanagerconfigspec.go @@ -16,7 +16,7 @@ package v1alpha1 -// AlertmanagerConfigSpecApplyConfiguration represents an declarative configuration of the AlertmanagerConfigSpec type for use +// AlertmanagerConfigSpecApplyConfiguration represents a declarative configuration of the AlertmanagerConfigSpec type for use // with apply. type AlertmanagerConfigSpecApplyConfiguration struct { Route *RouteApplyConfiguration `json:"route,omitempty"` @@ -25,7 +25,7 @@ type AlertmanagerConfigSpecApplyConfiguration struct { MuteTimeIntervals []MuteTimeIntervalApplyConfiguration `json:"muteTimeIntervals,omitempty"` } -// AlertmanagerConfigSpecApplyConfiguration constructs an declarative configuration of the AlertmanagerConfigSpec type for use with +// AlertmanagerConfigSpecApplyConfiguration constructs a declarative configuration of the AlertmanagerConfigSpec type for use with // apply. func AlertmanagerConfigSpec() *AlertmanagerConfigSpecApplyConfiguration { return &AlertmanagerConfigSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/attachmetadata.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/attachmetadata.go index fee0256ca82..50cbdd3cd76 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/attachmetadata.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/attachmetadata.go @@ -16,13 +16,13 @@ package v1alpha1 -// AttachMetadataApplyConfiguration represents an declarative configuration of the AttachMetadata type for use +// AttachMetadataApplyConfiguration represents a declarative configuration of the AttachMetadata type for use // with apply. type AttachMetadataApplyConfiguration struct { Node *bool `json:"node,omitempty"` } -// AttachMetadataApplyConfiguration constructs an declarative configuration of the AttachMetadata type for use with +// AttachMetadataApplyConfiguration constructs a declarative configuration of the AttachMetadata type for use with // apply. func AttachMetadata() *AttachMetadataApplyConfiguration { return &AttachMetadataApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/azuresdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/azuresdconfig.go index 92ee156d0e7..32e75d00092 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/azuresdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/azuresdconfig.go @@ -21,7 +21,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// AzureSDConfigApplyConfiguration represents an declarative configuration of the AzureSDConfig type for use +// AzureSDConfigApplyConfiguration represents a declarative configuration of the AzureSDConfig type for use // with apply. type AzureSDConfigApplyConfiguration struct { Environment *string `json:"environment,omitempty"` @@ -35,7 +35,7 @@ type AzureSDConfigApplyConfiguration struct { Port *int `json:"port,omitempty"` } -// AzureSDConfigApplyConfiguration constructs an declarative configuration of the AzureSDConfig type for use with +// AzureSDConfigApplyConfiguration constructs a declarative configuration of the AzureSDConfig type for use with // apply. func AzureSDConfig() *AzureSDConfigApplyConfiguration { return &AzureSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/consulsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/consulsdconfig.go index dfbd69cb0dc..68fa456192b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/consulsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/consulsdconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// ConsulSDConfigApplyConfiguration represents an declarative configuration of the ConsulSDConfig type for use +// ConsulSDConfigApplyConfiguration represents a declarative configuration of the ConsulSDConfig type for use // with apply. type ConsulSDConfigApplyConfiguration struct { Server *string `json:"server,omitempty"` @@ -46,7 +46,7 @@ type ConsulSDConfigApplyConfiguration struct { TLSConfig *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// ConsulSDConfigApplyConfiguration constructs an declarative configuration of the ConsulSDConfig type for use with +// ConsulSDConfigApplyConfiguration constructs a declarative configuration of the ConsulSDConfig type for use with // apply. func ConsulSDConfig() *ConsulSDConfigApplyConfiguration { return &ConsulSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/dayofmonthrange.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/dayofmonthrange.go index 0dc46a51805..782563d7c90 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/dayofmonthrange.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/dayofmonthrange.go @@ -16,14 +16,14 @@ package v1alpha1 -// DayOfMonthRangeApplyConfiguration represents an declarative configuration of the DayOfMonthRange type for use +// DayOfMonthRangeApplyConfiguration represents a declarative configuration of the DayOfMonthRange type for use // with apply. type DayOfMonthRangeApplyConfiguration struct { Start *int `json:"start,omitempty"` End *int `json:"end,omitempty"` } -// DayOfMonthRangeApplyConfiguration constructs an declarative configuration of the DayOfMonthRange type for use with +// DayOfMonthRangeApplyConfiguration constructs a declarative configuration of the DayOfMonthRange type for use with // apply. func DayOfMonthRange() *DayOfMonthRangeApplyConfiguration { return &DayOfMonthRangeApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/digitaloceansdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/digitaloceansdconfig.go index 71f1b077caa..61885712049 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/digitaloceansdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/digitaloceansdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// DigitalOceanSDConfigApplyConfiguration represents an declarative configuration of the DigitalOceanSDConfig type for use +// DigitalOceanSDConfigApplyConfiguration represents a declarative configuration of the DigitalOceanSDConfig type for use // with apply. type DigitalOceanSDConfigApplyConfiguration struct { Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` @@ -35,7 +35,7 @@ type DigitalOceanSDConfigApplyConfiguration struct { RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` } -// DigitalOceanSDConfigApplyConfiguration constructs an declarative configuration of the DigitalOceanSDConfig type for use with +// DigitalOceanSDConfigApplyConfiguration constructs a declarative configuration of the DigitalOceanSDConfig type for use with // apply. func DigitalOceanSDConfig() *DigitalOceanSDConfigApplyConfiguration { return &DigitalOceanSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/discordconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/discordconfig.go index eb8c269148b..fecae446886 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/discordconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/discordconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// DiscordConfigApplyConfiguration represents an declarative configuration of the DiscordConfig type for use +// DiscordConfigApplyConfiguration represents a declarative configuration of the DiscordConfig type for use // with apply. type DiscordConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type DiscordConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// DiscordConfigApplyConfiguration constructs an declarative configuration of the DiscordConfig type for use with +// DiscordConfigApplyConfiguration constructs a declarative configuration of the DiscordConfig type for use with // apply. func DiscordConfig() *DiscordConfigApplyConfiguration { return &DiscordConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/dnssdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/dnssdconfig.go index a2531686598..514b4882180 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/dnssdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/dnssdconfig.go @@ -18,18 +18,19 @@ package v1alpha1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// DNSSDConfigApplyConfiguration represents an declarative configuration of the DNSSDConfig type for use +// DNSSDConfigApplyConfiguration represents a declarative configuration of the DNSSDConfig type for use // with apply. type DNSSDConfigApplyConfiguration struct { - Names []string `json:"names,omitempty"` - RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` - Type *string `json:"type,omitempty"` - Port *int `json:"port,omitempty"` + Names []string `json:"names,omitempty"` + RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` + Type *v1alpha1.DNSRecordType `json:"type,omitempty"` + Port *int32 `json:"port,omitempty"` } -// DNSSDConfigApplyConfiguration constructs an declarative configuration of the DNSSDConfig type for use with +// DNSSDConfigApplyConfiguration constructs a declarative configuration of the DNSSDConfig type for use with // apply. func DNSSDConfig() *DNSSDConfigApplyConfiguration { return &DNSSDConfigApplyConfiguration{} @@ -56,7 +57,7 @@ func (b *DNSSDConfigApplyConfiguration) WithRefreshInterval(value v1.Duration) * // WithType sets the Type field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Type field is set to the value of the last call. -func (b *DNSSDConfigApplyConfiguration) WithType(value string) *DNSSDConfigApplyConfiguration { +func (b *DNSSDConfigApplyConfiguration) WithType(value v1alpha1.DNSRecordType) *DNSSDConfigApplyConfiguration { b.Type = &value return b } @@ -64,7 +65,7 @@ func (b *DNSSDConfigApplyConfiguration) WithType(value string) *DNSSDConfigApply // WithPort sets the Port field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Port field is set to the value of the last call. -func (b *DNSSDConfigApplyConfiguration) WithPort(value int) *DNSSDConfigApplyConfiguration { +func (b *DNSSDConfigApplyConfiguration) WithPort(value int32) *DNSSDConfigApplyConfiguration { b.Port = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/dockersdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/dockersdconfig.go index 3ed0829d08a..75fc3279cd9 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/dockersdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/dockersdconfig.go @@ -18,11 +18,12 @@ package v1alpha1 import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" corev1 "k8s.io/api/core/v1" ) -// DockerSDConfigApplyConfiguration represents an declarative configuration of the DockerSDConfig type for use +// DockerSDConfigApplyConfiguration represents a declarative configuration of the DockerSDConfig type for use // with apply. type DockerSDConfigApplyConfiguration struct { Host *string `json:"host,omitempty"` @@ -30,7 +31,8 @@ type DockerSDConfigApplyConfiguration struct { TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` Port *int `json:"port,omitempty"` HostNetworkingHost *string `json:"hostNetworkingHost,omitempty"` - Filters *[]DockerFilterApplyConfiguration `json:"filters,omitempty"` + MatchFirstNetwork *bool `json:"matchFirstNetwork,omitempty"` + Filters *v1alpha1.Filters `json:"filters,omitempty"` RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` @@ -39,7 +41,7 @@ type DockerSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// DockerSDConfigApplyConfiguration constructs an declarative configuration of the DockerSDConfig type for use with +// DockerSDConfigApplyConfiguration constructs a declarative configuration of the DockerSDConfig type for use with // apply. func DockerSDConfig() *DockerSDConfigApplyConfiguration { return &DockerSDConfigApplyConfiguration{} @@ -115,23 +117,19 @@ func (b *DockerSDConfigApplyConfiguration) WithHostNetworkingHost(value string) return b } -func (b *DockerSDConfigApplyConfiguration) ensureDockerFilterApplyConfigurationExists() { - if b.Filters == nil { - b.Filters = &[]DockerFilterApplyConfiguration{} - } +// WithMatchFirstNetwork sets the MatchFirstNetwork field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MatchFirstNetwork field is set to the value of the last call. +func (b *DockerSDConfigApplyConfiguration) WithMatchFirstNetwork(value bool) *DockerSDConfigApplyConfiguration { + b.MatchFirstNetwork = &value + return b } -// WithFilters adds the given value to the Filters field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Filters field. -func (b *DockerSDConfigApplyConfiguration) WithFilters(values ...*DockerFilterApplyConfiguration) *DockerSDConfigApplyConfiguration { - b.ensureDockerFilterApplyConfigurationExists() - for i := range values { - if values[i] == nil { - panic("nil value passed to WithFilters") - } - *b.Filters = append(*b.Filters, *values[i]) - } +// WithFilters sets the Filters field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Filters field is set to the value of the last call. +func (b *DockerSDConfigApplyConfiguration) WithFilters(value v1alpha1.Filters) *DockerSDConfigApplyConfiguration { + b.Filters = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/dockerswarmsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/dockerswarmsdconfig.go index 4d4189d2c57..7acc4c68af9 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/dockerswarmsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/dockerswarmsdconfig.go @@ -18,17 +18,18 @@ package v1alpha1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" corev1 "k8s.io/api/core/v1" ) -// DockerSwarmSDConfigApplyConfiguration represents an declarative configuration of the DockerSwarmSDConfig type for use +// DockerSwarmSDConfigApplyConfiguration represents a declarative configuration of the DockerSwarmSDConfig type for use // with apply. type DockerSwarmSDConfigApplyConfiguration struct { Host *string `json:"host,omitempty"` Role *string `json:"role,omitempty"` Port *int32 `json:"port,omitempty"` - Filters []DockerSwarmFilterApplyConfiguration `json:"filters,omitempty"` + Filters *v1alpha1.Filters `json:"filters,omitempty"` RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` BasicAuth *monitoringv1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` Authorization *monitoringv1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` @@ -39,7 +40,7 @@ type DockerSwarmSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// DockerSwarmSDConfigApplyConfiguration constructs an declarative configuration of the DockerSwarmSDConfig type for use with +// DockerSwarmSDConfigApplyConfiguration constructs a declarative configuration of the DockerSwarmSDConfig type for use with // apply. func DockerSwarmSDConfig() *DockerSwarmSDConfigApplyConfiguration { return &DockerSwarmSDConfigApplyConfiguration{} @@ -69,16 +70,11 @@ func (b *DockerSwarmSDConfigApplyConfiguration) WithPort(value int32) *DockerSwa return b } -// WithFilters adds the given value to the Filters field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Filters field. -func (b *DockerSwarmSDConfigApplyConfiguration) WithFilters(values ...*DockerSwarmFilterApplyConfiguration) *DockerSwarmSDConfigApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithFilters") - } - b.Filters = append(b.Filters, *values[i]) - } +// WithFilters sets the Filters field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Filters field is set to the value of the last call. +func (b *DockerSwarmSDConfigApplyConfiguration) WithFilters(value v1alpha1.Filters) *DockerSwarmSDConfigApplyConfiguration { + b.Filters = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/ec2sdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/ec2sdconfig.go index 2a838009c7f..f521e43356d 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/ec2sdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/ec2sdconfig.go @@ -19,22 +19,27 @@ package v1alpha1 import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + applyconfigurationmonitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" v1 "k8s.io/api/core/v1" ) -// EC2SDConfigApplyConfiguration represents an declarative configuration of the EC2SDConfig type for use +// EC2SDConfigApplyConfiguration represents a declarative configuration of the EC2SDConfig type for use // with apply. type EC2SDConfigApplyConfiguration struct { - Region *string `json:"region,omitempty"` - AccessKey *v1.SecretKeySelector `json:"accessKey,omitempty"` - SecretKey *v1.SecretKeySelector `json:"secretKey,omitempty"` - RoleARN *string `json:"roleARN,omitempty"` - RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` - Port *int `json:"port,omitempty"` - Filters []*v1alpha1.EC2Filter `json:"filters,omitempty"` + Region *string `json:"region,omitempty"` + AccessKey *v1.SecretKeySelector `json:"accessKey,omitempty"` + SecretKey *v1.SecretKeySelector `json:"secretKey,omitempty"` + RoleARN *string `json:"roleARN,omitempty"` + Port *int32 `json:"port,omitempty"` + RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` + Filters *v1alpha1.Filters `json:"filters,omitempty"` + applyconfigurationmonitoringv1.ProxyConfigApplyConfiguration `json:",inline"` + TLSConfig *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// EC2SDConfigApplyConfiguration constructs an declarative configuration of the EC2SDConfig type for use with +// EC2SDConfigApplyConfiguration constructs a declarative configuration of the EC2SDConfig type for use with // apply. func EC2SDConfig() *EC2SDConfigApplyConfiguration { return &EC2SDConfigApplyConfiguration{} @@ -72,6 +77,14 @@ func (b *EC2SDConfigApplyConfiguration) WithRoleARN(value string) *EC2SDConfigAp return b } +// WithPort sets the Port field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Port field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithPort(value int32) *EC2SDConfigApplyConfiguration { + b.Port = &value + return b +} + // WithRefreshInterval sets the RefreshInterval field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the RefreshInterval field is set to the value of the last call. @@ -80,23 +93,72 @@ func (b *EC2SDConfigApplyConfiguration) WithRefreshInterval(value monitoringv1.D return b } -// WithPort sets the Port field in the declarative configuration to the given value +// WithFilters sets the Filters field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Port field is set to the value of the last call. -func (b *EC2SDConfigApplyConfiguration) WithPort(value int) *EC2SDConfigApplyConfiguration { - b.Port = &value +// If called multiple times, the Filters field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithFilters(value v1alpha1.Filters) *EC2SDConfigApplyConfiguration { + b.Filters = &value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithProxyURL(value string) *EC2SDConfigApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithNoProxy(value string) *EC2SDConfigApplyConfiguration { + b.NoProxy = &value return b } -// WithFilters adds the given value to the Filters field in the declarative configuration +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *EC2SDConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Filters field. -func (b *EC2SDConfigApplyConfiguration) WithFilters(values ...**v1alpha1.EC2Filter) *EC2SDConfigApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithFilters") - } - b.Filters = append(b.Filters, *values[i]) +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *EC2SDConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]v1.SecretKeySelector) *EC2SDConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]v1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v } return b } + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithTLSConfig(value *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration) *EC2SDConfigApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithFollowRedirects(value bool) *EC2SDConfigApplyConfiguration { + b.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *EC2SDConfigApplyConfiguration) WithEnableHTTP2(value bool) *EC2SDConfigApplyConfiguration { + b.EnableHTTP2 = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/emailconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/emailconfig.go index 9f3e9fa2efb..84ac3fb7f36 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/emailconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/emailconfig.go @@ -21,7 +21,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// EmailConfigApplyConfiguration represents an declarative configuration of the EmailConfig type for use +// EmailConfigApplyConfiguration represents a declarative configuration of the EmailConfig type for use // with apply. type EmailConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -40,7 +40,7 @@ type EmailConfigApplyConfiguration struct { TLSConfig *monitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// EmailConfigApplyConfiguration constructs an declarative configuration of the EmailConfig type for use with +// EmailConfigApplyConfiguration constructs a declarative configuration of the EmailConfig type for use with // apply. func EmailConfig() *EmailConfigApplyConfiguration { return &EmailConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/eurekasdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/eurekasdconfig.go index c42593ecb32..c5c02518b03 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/eurekasdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/eurekasdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// EurekaSDConfigApplyConfiguration represents an declarative configuration of the EurekaSDConfig type for use +// EurekaSDConfigApplyConfiguration represents a declarative configuration of the EurekaSDConfig type for use // with apply. type EurekaSDConfigApplyConfiguration struct { Server *string `json:"server,omitempty"` @@ -36,7 +36,7 @@ type EurekaSDConfigApplyConfiguration struct { RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` } -// EurekaSDConfigApplyConfiguration constructs an declarative configuration of the EurekaSDConfig type for use with +// EurekaSDConfigApplyConfiguration constructs a declarative configuration of the EurekaSDConfig type for use with // apply. func EurekaSDConfig() *EurekaSDConfigApplyConfiguration { return &EurekaSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/filesdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/filesdconfig.go index f88ac8b182d..38057f43ae4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/filesdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/filesdconfig.go @@ -21,14 +21,14 @@ import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// FileSDConfigApplyConfiguration represents an declarative configuration of the FileSDConfig type for use +// FileSDConfigApplyConfiguration represents a declarative configuration of the FileSDConfig type for use // with apply. type FileSDConfigApplyConfiguration struct { Files []v1alpha1.SDFile `json:"files,omitempty"` RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` } -// FileSDConfigApplyConfiguration constructs an declarative configuration of the FileSDConfig type for use with +// FileSDConfigApplyConfiguration constructs a declarative configuration of the FileSDConfig type for use with // apply. func FileSDConfig() *FileSDConfigApplyConfiguration { return &FileSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/filter.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/filter.go new file mode 100644 index 00000000000..263c3f1a8ac --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/filter.go @@ -0,0 +1,48 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// FilterApplyConfiguration represents a declarative configuration of the Filter type for use +// with apply. +type FilterApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Values []string `json:"values,omitempty"` +} + +// FilterApplyConfiguration constructs a declarative configuration of the Filter type for use with +// apply. +func Filter() *FilterApplyConfiguration { + return &FilterApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *FilterApplyConfiguration) WithName(value string) *FilterApplyConfiguration { + b.Name = &value + return b +} + +// WithValues adds the given value to the Values field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Values field. +func (b *FilterApplyConfiguration) WithValues(values ...string) *FilterApplyConfiguration { + for i := range values { + b.Values = append(b.Values, values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/gcesdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/gcesdconfig.go index 0574dec513a..903f2d5d63d 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/gcesdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/gcesdconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// GCESDConfigApplyConfiguration represents an declarative configuration of the GCESDConfig type for use +// GCESDConfigApplyConfiguration represents a declarative configuration of the GCESDConfig type for use // with apply. type GCESDConfigApplyConfiguration struct { Project *string `json:"project,omitempty"` @@ -31,7 +31,7 @@ type GCESDConfigApplyConfiguration struct { TagSeparator *string `json:"tagSeparator,omitempty"` } -// GCESDConfigApplyConfiguration constructs an declarative configuration of the GCESDConfig type for use with +// GCESDConfigApplyConfiguration constructs a declarative configuration of the GCESDConfig type for use with // apply. func GCESDConfig() *GCESDConfigApplyConfiguration { return &GCESDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/hetznersdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/hetznersdconfig.go index a15e128554a..b8bca1e6471 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/hetznersdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/hetznersdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// HetznerSDConfigApplyConfiguration represents an declarative configuration of the HetznerSDConfig type for use +// HetznerSDConfigApplyConfiguration represents a declarative configuration of the HetznerSDConfig type for use // with apply. type HetznerSDConfigApplyConfiguration struct { Role *string `json:"role,omitempty"` @@ -37,7 +37,7 @@ type HetznerSDConfigApplyConfiguration struct { RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` } -// HetznerSDConfigApplyConfiguration constructs an declarative configuration of the HetznerSDConfig type for use with +// HetznerSDConfigApplyConfiguration constructs a declarative configuration of the HetznerSDConfig type for use with // apply. func HetznerSDConfig() *HetznerSDConfigApplyConfiguration { return &HetznerSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/httpconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/httpconfig.go index 0fe4a92a417..01a019ca991 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/httpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/httpconfig.go @@ -21,19 +21,20 @@ import ( corev1 "k8s.io/api/core/v1" ) -// HTTPConfigApplyConfiguration represents an declarative configuration of the HTTPConfig type for use +// HTTPConfigApplyConfiguration represents a declarative configuration of the HTTPConfig type for use // with apply. type HTTPConfigApplyConfiguration struct { - Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - ProxyURL *string `json:"proxyURL,omitempty"` - FollowRedirects *bool `json:"followRedirects,omitempty"` + Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + ProxyURLOriginal *string `json:"proxyURL,omitempty"` + v1.ProxyConfigApplyConfiguration `json:",inline"` + FollowRedirects *bool `json:"followRedirects,omitempty"` } -// HTTPConfigApplyConfiguration constructs an declarative configuration of the HTTPConfig type for use with +// HTTPConfigApplyConfiguration constructs a declarative configuration of the HTTPConfig type for use with // apply. func HTTPConfig() *HTTPConfigApplyConfiguration { return &HTTPConfigApplyConfiguration{} @@ -79,6 +80,14 @@ func (b *HTTPConfigApplyConfiguration) WithTLSConfig(value *v1.SafeTLSConfigAppl return b } +// WithProxyURLOriginal sets the ProxyURLOriginal field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURLOriginal field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithProxyURLOriginal(value string) *HTTPConfigApplyConfiguration { + b.ProxyURLOriginal = &value + return b +} + // WithProxyURL sets the ProxyURL field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ProxyURL field is set to the value of the last call. @@ -87,6 +96,36 @@ func (b *HTTPConfigApplyConfiguration) WithProxyURL(value string) *HTTPConfigApp return b } +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithNoProxy(value string) *HTTPConfigApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *HTTPConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *HTTPConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *HTTPConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} + // WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FollowRedirects field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/httpsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/httpsdconfig.go index 9ccca7fbe07..245d00d37b9 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/httpsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/httpsdconfig.go @@ -22,18 +22,21 @@ import ( corev1 "k8s.io/api/core/v1" ) -// HTTPSDConfigApplyConfiguration represents an declarative configuration of the HTTPSDConfig type for use +// HTTPSDConfigApplyConfiguration represents a declarative configuration of the HTTPSDConfig type for use // with apply. type HTTPSDConfigApplyConfiguration struct { URL *string `json:"url,omitempty"` RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` BasicAuth *monitoringv1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` Authorization *monitoringv1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - TLSConfig *monitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + OAuth2 *monitoringv1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` monitoringv1.ProxyConfigApplyConfiguration `json:",inline"` + TLSConfig *monitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// HTTPSDConfigApplyConfiguration constructs an declarative configuration of the HTTPSDConfig type for use with +// HTTPSDConfigApplyConfiguration constructs a declarative configuration of the HTTPSDConfig type for use with // apply. func HTTPSDConfig() *HTTPSDConfigApplyConfiguration { return &HTTPSDConfigApplyConfiguration{} @@ -71,11 +74,11 @@ func (b *HTTPSDConfigApplyConfiguration) WithAuthorization(value *monitoringv1.S return b } -// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the TLSConfig field is set to the value of the last call. -func (b *HTTPSDConfigApplyConfiguration) WithTLSConfig(value *monitoringv1.SafeTLSConfigApplyConfiguration) *HTTPSDConfigApplyConfiguration { - b.TLSConfig = value +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *HTTPSDConfigApplyConfiguration) WithOAuth2(value *monitoringv1.OAuth2ApplyConfiguration) *HTTPSDConfigApplyConfiguration { + b.OAuth2 = value return b } @@ -116,3 +119,27 @@ func (b *HTTPSDConfigApplyConfiguration) WithProxyConnectHeader(entries map[stri } return b } + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *HTTPSDConfigApplyConfiguration) WithTLSConfig(value *monitoringv1.SafeTLSConfigApplyConfiguration) *HTTPSDConfigApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *HTTPSDConfigApplyConfiguration) WithFollowRedirects(value bool) *HTTPSDConfigApplyConfiguration { + b.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *HTTPSDConfigApplyConfiguration) WithEnableHTTP2(value bool) *HTTPSDConfigApplyConfiguration { + b.EnableHTTP2 = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/inhibitrule.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/inhibitrule.go index eb4f9eaa744..dfa0ec7e254 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/inhibitrule.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/inhibitrule.go @@ -16,7 +16,7 @@ package v1alpha1 -// InhibitRuleApplyConfiguration represents an declarative configuration of the InhibitRule type for use +// InhibitRuleApplyConfiguration represents a declarative configuration of the InhibitRule type for use // with apply. type InhibitRuleApplyConfiguration struct { TargetMatch []MatcherApplyConfiguration `json:"targetMatch,omitempty"` @@ -24,7 +24,7 @@ type InhibitRuleApplyConfiguration struct { Equal []string `json:"equal,omitempty"` } -// InhibitRuleApplyConfiguration constructs an declarative configuration of the InhibitRule type for use with +// InhibitRuleApplyConfiguration constructs a declarative configuration of the InhibitRule type for use with // apply. func InhibitRule() *InhibitRuleApplyConfiguration { return &InhibitRuleApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/ionossdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/ionossdconfig.go new file mode 100644 index 00000000000..bdb3ddaee16 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/ionossdconfig.go @@ -0,0 +1,136 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" + corev1 "k8s.io/api/core/v1" +) + +// IonosSDConfigApplyConfiguration represents a declarative configuration of the IonosSDConfig type for use +// with apply. +type IonosSDConfigApplyConfiguration struct { + DataCenterID *string `json:"datacenterID,omitempty"` + Port *int32 `json:"port,omitempty"` + RefreshInterval *v1.Duration `json:"refreshInterval,omitempty"` + Authorization *monitoringv1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + monitoringv1.ProxyConfigApplyConfiguration `json:",inline"` + TLSConfig *monitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` +} + +// IonosSDConfigApplyConfiguration constructs a declarative configuration of the IonosSDConfig type for use with +// apply. +func IonosSDConfig() *IonosSDConfigApplyConfiguration { + return &IonosSDConfigApplyConfiguration{} +} + +// WithDataCenterID sets the DataCenterID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DataCenterID field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithDataCenterID(value string) *IonosSDConfigApplyConfiguration { + b.DataCenterID = &value + return b +} + +// WithPort sets the Port field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Port field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithPort(value int32) *IonosSDConfigApplyConfiguration { + b.Port = &value + return b +} + +// WithRefreshInterval sets the RefreshInterval field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RefreshInterval field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithRefreshInterval(value v1.Duration) *IonosSDConfigApplyConfiguration { + b.RefreshInterval = &value + return b +} + +// WithAuthorization sets the Authorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorization field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithAuthorization(value *monitoringv1.SafeAuthorizationApplyConfiguration) *IonosSDConfigApplyConfiguration { + b.Authorization = value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithProxyURL(value string) *IonosSDConfigApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithNoProxy(value string) *IonosSDConfigApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *IonosSDConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *IonosSDConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *IonosSDConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithTLSConfig(value *monitoringv1.SafeTLSConfigApplyConfiguration) *IonosSDConfigApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithFollowRedirects(value bool) *IonosSDConfigApplyConfiguration { + b.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *IonosSDConfigApplyConfiguration) WithEnableHTTP2(value bool) *IonosSDConfigApplyConfiguration { + b.EnableHTTP2 = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/k8sselectorconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/k8sselectorconfig.go index a274e6fcdb5..980aa121414 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/k8sselectorconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/k8sselectorconfig.go @@ -20,15 +20,15 @@ import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// K8SSelectorConfigApplyConfiguration represents an declarative configuration of the K8SSelectorConfig type for use +// K8SSelectorConfigApplyConfiguration represents a declarative configuration of the K8SSelectorConfig type for use // with apply. type K8SSelectorConfigApplyConfiguration struct { - Role *v1alpha1.Role `json:"role,omitempty"` - Label *string `json:"label,omitempty"` - Field *string `json:"field,omitempty"` + Role *v1alpha1.KubernetesRole `json:"role,omitempty"` + Label *string `json:"label,omitempty"` + Field *string `json:"field,omitempty"` } -// K8SSelectorConfigApplyConfiguration constructs an declarative configuration of the K8SSelectorConfig type for use with +// K8SSelectorConfigApplyConfiguration constructs a declarative configuration of the K8SSelectorConfig type for use with // apply. func K8SSelectorConfig() *K8SSelectorConfigApplyConfiguration { return &K8SSelectorConfigApplyConfiguration{} @@ -37,7 +37,7 @@ func K8SSelectorConfig() *K8SSelectorConfigApplyConfiguration { // WithRole sets the Role field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Role field is set to the value of the last call. -func (b *K8SSelectorConfigApplyConfiguration) WithRole(value v1alpha1.Role) *K8SSelectorConfigApplyConfiguration { +func (b *K8SSelectorConfigApplyConfiguration) WithRole(value v1alpha1.KubernetesRole) *K8SSelectorConfigApplyConfiguration { b.Role = &value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/keyvalue.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/keyvalue.go index 31a44c86256..65edc56a3e8 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/keyvalue.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/keyvalue.go @@ -16,14 +16,14 @@ package v1alpha1 -// KeyValueApplyConfiguration represents an declarative configuration of the KeyValue type for use +// KeyValueApplyConfiguration represents a declarative configuration of the KeyValue type for use // with apply. type KeyValueApplyConfiguration struct { Key *string `json:"key,omitempty"` Value *string `json:"value,omitempty"` } -// KeyValueApplyConfiguration constructs an declarative configuration of the KeyValue type for use with +// KeyValueApplyConfiguration constructs a declarative configuration of the KeyValue type for use with // apply. func KeyValue() *KeyValueApplyConfiguration { return &KeyValueApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/kubernetessdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/kubernetessdconfig.go index 8c02fed9421..f38d02e0954 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/kubernetessdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/kubernetessdconfig.go @@ -22,24 +22,24 @@ import ( corev1 "k8s.io/api/core/v1" ) -// KubernetesSDConfigApplyConfiguration represents an declarative configuration of the KubernetesSDConfig type for use +// KubernetesSDConfigApplyConfiguration represents a declarative configuration of the KubernetesSDConfig type for use // with apply. type KubernetesSDConfigApplyConfiguration struct { APIServer *string `json:"apiServer,omitempty"` - Role *v1alpha1.Role `json:"role,omitempty"` + Role *v1alpha1.KubernetesRole `json:"role,omitempty"` + Namespaces *NamespaceDiscoveryApplyConfiguration `json:"namespaces,omitempty"` + AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` + Selectors []K8SSelectorConfigApplyConfiguration `json:"selectors,omitempty"` BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` v1.ProxyConfigApplyConfiguration `json:",inline"` - FollowRedirects *bool `json:"followRedirects,omitempty"` - EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` - TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - Namespaces *NamespaceDiscoveryApplyConfiguration `json:"namespaces,omitempty"` - AttachMetadata *AttachMetadataApplyConfiguration `json:"attachMetadata,omitempty"` - Selectors []K8SSelectorConfigApplyConfiguration `json:"selectors,omitempty"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` + TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// KubernetesSDConfigApplyConfiguration constructs an declarative configuration of the KubernetesSDConfig type for use with +// KubernetesSDConfigApplyConfiguration constructs a declarative configuration of the KubernetesSDConfig type for use with // apply. func KubernetesSDConfig() *KubernetesSDConfigApplyConfiguration { return &KubernetesSDConfigApplyConfiguration{} @@ -56,11 +56,40 @@ func (b *KubernetesSDConfigApplyConfiguration) WithAPIServer(value string) *Kube // WithRole sets the Role field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Role field is set to the value of the last call. -func (b *KubernetesSDConfigApplyConfiguration) WithRole(value v1alpha1.Role) *KubernetesSDConfigApplyConfiguration { +func (b *KubernetesSDConfigApplyConfiguration) WithRole(value v1alpha1.KubernetesRole) *KubernetesSDConfigApplyConfiguration { b.Role = &value return b } +// WithNamespaces sets the Namespaces field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespaces field is set to the value of the last call. +func (b *KubernetesSDConfigApplyConfiguration) WithNamespaces(value *NamespaceDiscoveryApplyConfiguration) *KubernetesSDConfigApplyConfiguration { + b.Namespaces = value + return b +} + +// WithAttachMetadata sets the AttachMetadata field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AttachMetadata field is set to the value of the last call. +func (b *KubernetesSDConfigApplyConfiguration) WithAttachMetadata(value *AttachMetadataApplyConfiguration) *KubernetesSDConfigApplyConfiguration { + b.AttachMetadata = value + return b +} + +// WithSelectors adds the given value to the Selectors field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Selectors field. +func (b *KubernetesSDConfigApplyConfiguration) WithSelectors(values ...*K8SSelectorConfigApplyConfiguration) *KubernetesSDConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithSelectors") + } + b.Selectors = append(b.Selectors, *values[i]) + } + return b +} + // WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the BasicAuth field is set to the value of the last call. @@ -146,32 +175,3 @@ func (b *KubernetesSDConfigApplyConfiguration) WithTLSConfig(value *v1.SafeTLSCo b.TLSConfig = value return b } - -// WithNamespaces sets the Namespaces field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespaces field is set to the value of the last call. -func (b *KubernetesSDConfigApplyConfiguration) WithNamespaces(value *NamespaceDiscoveryApplyConfiguration) *KubernetesSDConfigApplyConfiguration { - b.Namespaces = value - return b -} - -// WithAttachMetadata sets the AttachMetadata field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the AttachMetadata field is set to the value of the last call. -func (b *KubernetesSDConfigApplyConfiguration) WithAttachMetadata(value *AttachMetadataApplyConfiguration) *KubernetesSDConfigApplyConfiguration { - b.AttachMetadata = value - return b -} - -// WithSelectors adds the given value to the Selectors field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Selectors field. -func (b *KubernetesSDConfigApplyConfiguration) WithSelectors(values ...*K8SSelectorConfigApplyConfiguration) *KubernetesSDConfigApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithSelectors") - } - b.Selectors = append(b.Selectors, *values[i]) - } - return b -} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/kumasdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/kumasdconfig.go index f8413773434..b144c090fe3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/kumasdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/kumasdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// KumaSDConfigApplyConfiguration represents an declarative configuration of the KumaSDConfig type for use +// KumaSDConfigApplyConfiguration represents a declarative configuration of the KumaSDConfig type for use // with apply. type KumaSDConfigApplyConfiguration struct { Server *string `json:"server,omitempty"` @@ -38,7 +38,7 @@ type KumaSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// KumaSDConfigApplyConfiguration constructs an declarative configuration of the KumaSDConfig type for use with +// KumaSDConfigApplyConfiguration constructs a declarative configuration of the KumaSDConfig type for use with // apply. func KumaSDConfig() *KumaSDConfigApplyConfiguration { return &KumaSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/lightsailsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/lightsailsdconfig.go index e090a1cf157..ebd7f678195 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/lightsailsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/lightsailsdconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// LightSailSDConfigApplyConfiguration represents an declarative configuration of the LightSailSDConfig type for use +// LightSailSDConfigApplyConfiguration represents a declarative configuration of the LightSailSDConfig type for use // with apply. type LightSailSDConfigApplyConfiguration struct { Region *string `json:"region,omitempty"` @@ -41,7 +41,7 @@ type LightSailSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// LightSailSDConfigApplyConfiguration constructs an declarative configuration of the LightSailSDConfig type for use with +// LightSailSDConfigApplyConfiguration constructs a declarative configuration of the LightSailSDConfig type for use with // apply. func LightSailSDConfig() *LightSailSDConfigApplyConfiguration { return &LightSailSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/linodesdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/linodesdconfig.go index fba2174e873..b5f522ee139 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/linodesdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/linodesdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// LinodeSDConfigApplyConfiguration represents an declarative configuration of the LinodeSDConfig type for use +// LinodeSDConfigApplyConfiguration represents a declarative configuration of the LinodeSDConfig type for use // with apply. type LinodeSDConfigApplyConfiguration struct { Region *string `json:"region,omitempty"` @@ -37,7 +37,7 @@ type LinodeSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// LinodeSDConfigApplyConfiguration constructs an declarative configuration of the LinodeSDConfig type for use with +// LinodeSDConfigApplyConfiguration constructs a declarative configuration of the LinodeSDConfig type for use with // apply. func LinodeSDConfig() *LinodeSDConfigApplyConfiguration { return &LinodeSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/matcher.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/matcher.go index 4491e98ac82..b6865ee9bd1 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/matcher.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/matcher.go @@ -20,7 +20,7 @@ import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// MatcherApplyConfiguration represents an declarative configuration of the Matcher type for use +// MatcherApplyConfiguration represents a declarative configuration of the Matcher type for use // with apply. type MatcherApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -29,7 +29,7 @@ type MatcherApplyConfiguration struct { Regex *bool `json:"regex,omitempty"` } -// MatcherApplyConfiguration constructs an declarative configuration of the Matcher type for use with +// MatcherApplyConfiguration constructs a declarative configuration of the Matcher type for use with // apply. func Matcher() *MatcherApplyConfiguration { return &MatcherApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/msteamsconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/msteamsconfig.go index 7e117dd386c..5e2c3fb3c58 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/msteamsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/msteamsconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// MSTeamsConfigApplyConfiguration represents an declarative configuration of the MSTeamsConfig type for use +// MSTeamsConfigApplyConfiguration represents a declarative configuration of the MSTeamsConfig type for use // with apply. type MSTeamsConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -31,7 +31,7 @@ type MSTeamsConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// MSTeamsConfigApplyConfiguration constructs an declarative configuration of the MSTeamsConfig type for use with +// MSTeamsConfigApplyConfiguration constructs a declarative configuration of the MSTeamsConfig type for use with // apply. func MSTeamsConfig() *MSTeamsConfigApplyConfiguration { return &MSTeamsConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/mutetimeinterval.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/mutetimeinterval.go index 85092e523f1..d98e1a0e901 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/mutetimeinterval.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/mutetimeinterval.go @@ -16,14 +16,14 @@ package v1alpha1 -// MuteTimeIntervalApplyConfiguration represents an declarative configuration of the MuteTimeInterval type for use +// MuteTimeIntervalApplyConfiguration represents a declarative configuration of the MuteTimeInterval type for use // with apply. type MuteTimeIntervalApplyConfiguration struct { Name *string `json:"name,omitempty"` TimeIntervals []TimeIntervalApplyConfiguration `json:"timeIntervals,omitempty"` } -// MuteTimeIntervalApplyConfiguration constructs an declarative configuration of the MuteTimeInterval type for use with +// MuteTimeIntervalApplyConfiguration constructs a declarative configuration of the MuteTimeInterval type for use with // apply. func MuteTimeInterval() *MuteTimeIntervalApplyConfiguration { return &MuteTimeIntervalApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/namespacediscovery.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/namespacediscovery.go index 15ef41bb48c..aa78fb20b01 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/namespacediscovery.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/namespacediscovery.go @@ -16,14 +16,14 @@ package v1alpha1 -// NamespaceDiscoveryApplyConfiguration represents an declarative configuration of the NamespaceDiscovery type for use +// NamespaceDiscoveryApplyConfiguration represents a declarative configuration of the NamespaceDiscovery type for use // with apply. type NamespaceDiscoveryApplyConfiguration struct { IncludeOwnNamespace *bool `json:"ownNamespace,omitempty"` Names []string `json:"names,omitempty"` } -// NamespaceDiscoveryApplyConfiguration constructs an declarative configuration of the NamespaceDiscovery type for use with +// NamespaceDiscoveryApplyConfiguration constructs a declarative configuration of the NamespaceDiscovery type for use with // apply. func NamespaceDiscovery() *NamespaceDiscoveryApplyConfiguration { return &NamespaceDiscoveryApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/nomadsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/nomadsdconfig.go index c36211b1634..a5d790929b0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/nomadsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/nomadsdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// NomadSDConfigApplyConfiguration represents an declarative configuration of the NomadSDConfig type for use +// NomadSDConfigApplyConfiguration represents a declarative configuration of the NomadSDConfig type for use // with apply. type NomadSDConfigApplyConfiguration struct { AllowStale *bool `json:"allowStale,omitempty"` @@ -40,7 +40,7 @@ type NomadSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// NomadSDConfigApplyConfiguration constructs an declarative configuration of the NomadSDConfig type for use with +// NomadSDConfigApplyConfiguration constructs a declarative configuration of the NomadSDConfig type for use with // apply. func NomadSDConfig() *NomadSDConfigApplyConfiguration { return &NomadSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/openstacksdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/openstacksdconfig.go index 5826a77a6f2..63c9b296725 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/openstacksdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/openstacksdconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// OpenStackSDConfigApplyConfiguration represents an declarative configuration of the OpenStackSDConfig type for use +// OpenStackSDConfigApplyConfiguration represents a declarative configuration of the OpenStackSDConfig type for use // with apply. type OpenStackSDConfigApplyConfiguration struct { Role *string `json:"role,omitempty"` @@ -45,7 +45,7 @@ type OpenStackSDConfigApplyConfiguration struct { TLSConfig *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// OpenStackSDConfigApplyConfiguration constructs an declarative configuration of the OpenStackSDConfig type for use with +// OpenStackSDConfigApplyConfiguration constructs a declarative configuration of the OpenStackSDConfig type for use with // apply. func OpenStackSDConfig() *OpenStackSDConfigApplyConfiguration { return &OpenStackSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfig.go index 5e333de95cb..d8bbd7d8810 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// OpsGenieConfigApplyConfiguration represents an declarative configuration of the OpsGenieConfig type for use +// OpsGenieConfigApplyConfiguration represents a declarative configuration of the OpsGenieConfig type for use // with apply. type OpsGenieConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -40,7 +40,7 @@ type OpsGenieConfigApplyConfiguration struct { Actions *string `json:"actions,omitempty"` } -// OpsGenieConfigApplyConfiguration constructs an declarative configuration of the OpsGenieConfig type for use with +// OpsGenieConfigApplyConfiguration constructs a declarative configuration of the OpsGenieConfig type for use with // apply. func OpsGenieConfig() *OpsGenieConfigApplyConfiguration { return &OpsGenieConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfigresponder.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfigresponder.go index c2b9caabc80..c6a3aa65d3c 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfigresponder.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/opsgenieconfigresponder.go @@ -16,7 +16,7 @@ package v1alpha1 -// OpsGenieConfigResponderApplyConfiguration represents an declarative configuration of the OpsGenieConfigResponder type for use +// OpsGenieConfigResponderApplyConfiguration represents a declarative configuration of the OpsGenieConfigResponder type for use // with apply. type OpsGenieConfigResponderApplyConfiguration struct { ID *string `json:"id,omitempty"` @@ -25,7 +25,7 @@ type OpsGenieConfigResponderApplyConfiguration struct { Type *string `json:"type,omitempty"` } -// OpsGenieConfigResponderApplyConfiguration constructs an declarative configuration of the OpsGenieConfigResponder type for use with +// OpsGenieConfigResponderApplyConfiguration constructs a declarative configuration of the OpsGenieConfigResponder type for use with // apply. func OpsGenieConfigResponder() *OpsGenieConfigResponderApplyConfiguration { return &OpsGenieConfigResponderApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/ovhcloudsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/ovhcloudsdconfig.go index cbd953080a0..a9386e827b3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/ovhcloudsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/ovhcloudsdconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// OVHCloudSDConfigApplyConfiguration represents an declarative configuration of the OVHCloudSDConfig type for use +// OVHCloudSDConfigApplyConfiguration represents a declarative configuration of the OVHCloudSDConfig type for use // with apply. type OVHCloudSDConfigApplyConfiguration struct { ApplicationKey *string `json:"applicationKey,omitempty"` @@ -33,7 +33,7 @@ type OVHCloudSDConfigApplyConfiguration struct { RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` } -// OVHCloudSDConfigApplyConfiguration constructs an declarative configuration of the OVHCloudSDConfig type for use with +// OVHCloudSDConfigApplyConfiguration constructs a declarative configuration of the OVHCloudSDConfig type for use with // apply. func OVHCloudSDConfig() *OVHCloudSDConfigApplyConfiguration { return &OVHCloudSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyconfig.go index cd39b948880..b33e6802d91 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// PagerDutyConfigApplyConfiguration represents an declarative configuration of the PagerDutyConfig type for use +// PagerDutyConfigApplyConfiguration represents a declarative configuration of the PagerDutyConfig type for use // with apply. type PagerDutyConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -41,7 +41,7 @@ type PagerDutyConfigApplyConfiguration struct { Source *string `json:"source,omitempty"` } -// PagerDutyConfigApplyConfiguration constructs an declarative configuration of the PagerDutyConfig type for use with +// PagerDutyConfigApplyConfiguration constructs a declarative configuration of the PagerDutyConfig type for use with // apply. func PagerDutyConfig() *PagerDutyConfigApplyConfiguration { return &PagerDutyConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyimageconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyimageconfig.go index c9c2addc746..a0759824b88 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyimageconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutyimageconfig.go @@ -16,7 +16,7 @@ package v1alpha1 -// PagerDutyImageConfigApplyConfiguration represents an declarative configuration of the PagerDutyImageConfig type for use +// PagerDutyImageConfigApplyConfiguration represents a declarative configuration of the PagerDutyImageConfig type for use // with apply. type PagerDutyImageConfigApplyConfiguration struct { Src *string `json:"src,omitempty"` @@ -24,7 +24,7 @@ type PagerDutyImageConfigApplyConfiguration struct { Alt *string `json:"alt,omitempty"` } -// PagerDutyImageConfigApplyConfiguration constructs an declarative configuration of the PagerDutyImageConfig type for use with +// PagerDutyImageConfigApplyConfiguration constructs a declarative configuration of the PagerDutyImageConfig type for use with // apply. func PagerDutyImageConfig() *PagerDutyImageConfigApplyConfiguration { return &PagerDutyImageConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutylinkconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutylinkconfig.go index 84c422111b3..418c322ac38 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutylinkconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/pagerdutylinkconfig.go @@ -16,14 +16,14 @@ package v1alpha1 -// PagerDutyLinkConfigApplyConfiguration represents an declarative configuration of the PagerDutyLinkConfig type for use +// PagerDutyLinkConfigApplyConfiguration represents a declarative configuration of the PagerDutyLinkConfig type for use // with apply. type PagerDutyLinkConfigApplyConfiguration struct { Href *string `json:"href,omitempty"` Text *string `json:"alt,omitempty"` } -// PagerDutyLinkConfigApplyConfiguration constructs an declarative configuration of the PagerDutyLinkConfig type for use with +// PagerDutyLinkConfigApplyConfiguration constructs a declarative configuration of the PagerDutyLinkConfig type for use with // apply. func PagerDutyLinkConfig() *PagerDutyLinkConfigApplyConfiguration { return &PagerDutyLinkConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagent.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagent.go index 1bb14cb7d40..aaad33d71ae 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagent.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagent.go @@ -23,7 +23,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PrometheusAgentApplyConfiguration represents an declarative configuration of the PrometheusAgent type for use +// PrometheusAgentApplyConfiguration represents a declarative configuration of the PrometheusAgent type for use // with apply. type PrometheusAgentApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -32,7 +32,7 @@ type PrometheusAgentApplyConfiguration struct { Status *monitoringv1.PrometheusStatusApplyConfiguration `json:"status,omitempty"` } -// PrometheusAgent constructs an declarative configuration of the PrometheusAgent type for use with +// PrometheusAgent constructs a declarative configuration of the PrometheusAgent type for use with // apply. func PrometheusAgent(name, namespace string) *PrometheusAgentApplyConfiguration { b := &PrometheusAgentApplyConfiguration{} @@ -216,3 +216,9 @@ func (b *PrometheusAgentApplyConfiguration) WithStatus(value *monitoringv1.Prome b.Status = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *PrometheusAgentApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go index 19ee2be2071..84b30ab36f2 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go @@ -24,14 +24,14 @@ import ( metav1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// PrometheusAgentSpecApplyConfiguration represents an declarative configuration of the PrometheusAgentSpec type for use +// PrometheusAgentSpecApplyConfiguration represents a declarative configuration of the PrometheusAgentSpec type for use // with apply. type PrometheusAgentSpecApplyConfiguration struct { Mode *string `json:"mode,omitempty"` v1.CommonPrometheusFieldsApplyConfiguration `json:",inline"` } -// PrometheusAgentSpecApplyConfiguration constructs an declarative configuration of the PrometheusAgentSpec type for use with +// PrometheusAgentSpecApplyConfiguration constructs a declarative configuration of the PrometheusAgentSpec type for use with // apply. func PrometheusAgentSpec() *PrometheusAgentSpecApplyConfiguration { return &PrometheusAgentSpecApplyConfiguration{} @@ -255,6 +255,16 @@ func (b *PrometheusAgentSpecApplyConfiguration) WithEnableRemoteWriteReceiver(va return b } +// WithRemoteWriteReceiverMessageVersions adds the given value to the RemoteWriteReceiverMessageVersions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RemoteWriteReceiverMessageVersions field. +func (b *PrometheusAgentSpecApplyConfiguration) WithRemoteWriteReceiverMessageVersions(values ...monitoringv1.RemoteWriteMessageVersion) *PrometheusAgentSpecApplyConfiguration { + for i := range values { + b.RemoteWriteReceiverMessageVersions = append(b.RemoteWriteReceiverMessageVersions, values[i]) + } + return b +} + // WithEnableFeatures adds the given value to the EnableFeatures field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the EnableFeatures field. @@ -427,6 +437,14 @@ func (b *PrometheusAgentSpecApplyConfiguration) WithRemoteWrite(values ...*v1.Re return b } +// WithOTLP sets the OTLP field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OTLP field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithOTLP(value *v1.OTLPConfigApplyConfiguration) *PrometheusAgentSpecApplyConfiguration { + b.OTLP = value + return b +} + // WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SecurityContext field is set to the value of the last call. @@ -435,6 +453,22 @@ func (b *PrometheusAgentSpecApplyConfiguration) WithSecurityContext(value corev1 return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *PrometheusAgentSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithDNSConfig(value *v1.PodDNSConfigApplyConfiguration) *PrometheusAgentSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. @@ -756,3 +790,19 @@ func (b *PrometheusAgentSpecApplyConfiguration) WithScrapeClasses(values ...*v1. } return b } + +// WithServiceDiscoveryRole sets the ServiceDiscoveryRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceDiscoveryRole field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithServiceDiscoveryRole(value monitoringv1.ServiceDiscoveryRole) *PrometheusAgentSpecApplyConfiguration { + b.ServiceDiscoveryRole = &value + return b +} + +// WithTSDB sets the TSDB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSDB field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithTSDB(value *v1.TSDBSpecApplyConfiguration) *PrometheusAgentSpecApplyConfiguration { + b.TSDB = value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/puppetdbsdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/puppetdbsdconfig.go index e05a7aacdbd..5c30f5c097d 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/puppetdbsdconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/puppetdbsdconfig.go @@ -22,7 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// PuppetDBSDConfigApplyConfiguration represents an declarative configuration of the PuppetDBSDConfig type for use +// PuppetDBSDConfigApplyConfiguration represents a declarative configuration of the PuppetDBSDConfig type for use // with apply. type PuppetDBSDConfigApplyConfiguration struct { URL *string `json:"url,omitempty"` @@ -39,7 +39,7 @@ type PuppetDBSDConfigApplyConfiguration struct { EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` } -// PuppetDBSDConfigApplyConfiguration constructs an declarative configuration of the PuppetDBSDConfig type for use with +// PuppetDBSDConfigApplyConfiguration constructs a declarative configuration of the PuppetDBSDConfig type for use with // apply. func PuppetDBSDConfig() *PuppetDBSDConfigApplyConfiguration { return &PuppetDBSDConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/pushoverconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/pushoverconfig.go index 21d38957581..822e174d399 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/pushoverconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/pushoverconfig.go @@ -21,7 +21,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// PushoverConfigApplyConfiguration represents an declarative configuration of the PushoverConfig type for use +// PushoverConfigApplyConfiguration represents a declarative configuration of the PushoverConfig type for use // with apply. type PushoverConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -43,7 +43,7 @@ type PushoverConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// PushoverConfigApplyConfiguration constructs an declarative configuration of the PushoverConfig type for use with +// PushoverConfigApplyConfiguration constructs a declarative configuration of the PushoverConfig type for use with // apply. func PushoverConfig() *PushoverConfigApplyConfiguration { return &PushoverConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/receiver.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/receiver.go index 13a4175c55a..46fa76c5308 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/receiver.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/receiver.go @@ -16,7 +16,7 @@ package v1alpha1 -// ReceiverApplyConfiguration represents an declarative configuration of the Receiver type for use +// ReceiverApplyConfiguration represents a declarative configuration of the Receiver type for use // with apply. type ReceiverApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -35,7 +35,7 @@ type ReceiverApplyConfiguration struct { MSTeamsConfigs []MSTeamsConfigApplyConfiguration `json:"msteamsConfigs,omitempty"` } -// ReceiverApplyConfiguration constructs an declarative configuration of the Receiver type for use with +// ReceiverApplyConfiguration constructs a declarative configuration of the Receiver type for use with // apply. func Receiver() *ReceiverApplyConfiguration { return &ReceiverApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/route.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/route.go index cbcca407616..273fc89f5b4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/route.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/route.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) -// RouteApplyConfiguration represents an declarative configuration of the Route type for use +// RouteApplyConfiguration represents a declarative configuration of the Route type for use // with apply. type RouteApplyConfiguration struct { Receiver *string `json:"receiver,omitempty"` @@ -35,7 +35,7 @@ type RouteApplyConfiguration struct { ActiveTimeIntervals []string `json:"activeTimeIntervals,omitempty"` } -// RouteApplyConfiguration constructs an declarative configuration of the Route type for use with +// RouteApplyConfiguration constructs a declarative configuration of the Route type for use with // apply. func Route() *RouteApplyConfiguration { return &RouteApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/scalewaysdconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/scalewaysdconfig.go new file mode 100644 index 00000000000..86782aa1ef2 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/scalewaysdconfig.go @@ -0,0 +1,193 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + applyconfigurationmonitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" + v1 "k8s.io/api/core/v1" +) + +// ScalewaySDConfigApplyConfiguration represents a declarative configuration of the ScalewaySDConfig type for use +// with apply. +type ScalewaySDConfigApplyConfiguration struct { + AccessKey *string `json:"accessKey,omitempty"` + SecretKey *v1.SecretKeySelector `json:"secretKey,omitempty"` + ProjectID *string `json:"projectID,omitempty"` + Role *v1alpha1.ScalewayRole `json:"role,omitempty"` + Port *int32 `json:"port,omitempty"` + ApiURL *string `json:"apiURL,omitempty"` + Zone *string `json:"zone,omitempty"` + NameFilter *string `json:"nameFilter,omitempty"` + TagsFilter []string `json:"tagsFilter,omitempty"` + RefreshInterval *monitoringv1.Duration `json:"refreshInterval,omitempty"` + applyconfigurationmonitoringv1.ProxyConfigApplyConfiguration `json:",inline"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` + TLSConfig *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` +} + +// ScalewaySDConfigApplyConfiguration constructs a declarative configuration of the ScalewaySDConfig type for use with +// apply. +func ScalewaySDConfig() *ScalewaySDConfigApplyConfiguration { + return &ScalewaySDConfigApplyConfiguration{} +} + +// WithAccessKey sets the AccessKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccessKey field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithAccessKey(value string) *ScalewaySDConfigApplyConfiguration { + b.AccessKey = &value + return b +} + +// WithSecretKey sets the SecretKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretKey field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithSecretKey(value v1.SecretKeySelector) *ScalewaySDConfigApplyConfiguration { + b.SecretKey = &value + return b +} + +// WithProjectID sets the ProjectID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProjectID field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithProjectID(value string) *ScalewaySDConfigApplyConfiguration { + b.ProjectID = &value + return b +} + +// WithRole sets the Role field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Role field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithRole(value v1alpha1.ScalewayRole) *ScalewaySDConfigApplyConfiguration { + b.Role = &value + return b +} + +// WithPort sets the Port field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Port field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithPort(value int32) *ScalewaySDConfigApplyConfiguration { + b.Port = &value + return b +} + +// WithApiURL sets the ApiURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ApiURL field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithApiURL(value string) *ScalewaySDConfigApplyConfiguration { + b.ApiURL = &value + return b +} + +// WithZone sets the Zone field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Zone field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithZone(value string) *ScalewaySDConfigApplyConfiguration { + b.Zone = &value + return b +} + +// WithNameFilter sets the NameFilter field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NameFilter field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithNameFilter(value string) *ScalewaySDConfigApplyConfiguration { + b.NameFilter = &value + return b +} + +// WithTagsFilter adds the given value to the TagsFilter field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TagsFilter field. +func (b *ScalewaySDConfigApplyConfiguration) WithTagsFilter(values ...string) *ScalewaySDConfigApplyConfiguration { + for i := range values { + b.TagsFilter = append(b.TagsFilter, values[i]) + } + return b +} + +// WithRefreshInterval sets the RefreshInterval field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RefreshInterval field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithRefreshInterval(value monitoringv1.Duration) *ScalewaySDConfigApplyConfiguration { + b.RefreshInterval = &value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithProxyURL(value string) *ScalewaySDConfigApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithNoProxy(value string) *ScalewaySDConfigApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *ScalewaySDConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *ScalewaySDConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]v1.SecretKeySelector) *ScalewaySDConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]v1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithFollowRedirects(value bool) *ScalewaySDConfigApplyConfiguration { + b.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithEnableHTTP2(value bool) *ScalewaySDConfigApplyConfiguration { + b.EnableHTTP2 = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *ScalewaySDConfigApplyConfiguration) WithTLSConfig(value *applyconfigurationmonitoringv1.SafeTLSConfigApplyConfiguration) *ScalewaySDConfigApplyConfiguration { + b.TLSConfig = value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfig.go index 6c5dc1665c2..1f75cf63d8f 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ScrapeConfigApplyConfiguration represents an declarative configuration of the ScrapeConfig type for use +// ScrapeConfigApplyConfiguration represents a declarative configuration of the ScrapeConfig type for use // with apply. type ScrapeConfigApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type ScrapeConfigApplyConfiguration struct { Spec *ScrapeConfigSpecApplyConfiguration `json:"spec,omitempty"` } -// ScrapeConfig constructs an declarative configuration of the ScrapeConfig type for use with +// ScrapeConfig constructs a declarative configuration of the ScrapeConfig type for use with // apply. func ScrapeConfig(name, namespace string) *ScrapeConfigApplyConfiguration { b := &ScrapeConfigApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *ScrapeConfigApplyConfiguration) WithSpec(value *ScrapeConfigSpecApplyCo b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ScrapeConfigApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfigspec.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfigspec.go index c5a46f5acdd..f0407a247f8 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfigspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/scrapeconfigspec.go @@ -20,59 +20,64 @@ import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" corev1 "k8s.io/api/core/v1" + resource "k8s.io/apimachinery/pkg/api/resource" ) -// ScrapeConfigSpecApplyConfiguration represents an declarative configuration of the ScrapeConfigSpec type for use +// ScrapeConfigSpecApplyConfiguration represents a declarative configuration of the ScrapeConfigSpec type for use // with apply. type ScrapeConfigSpecApplyConfiguration struct { - JobName *string `json:"jobName,omitempty"` - StaticConfigs []StaticConfigApplyConfiguration `json:"staticConfigs,omitempty"` - FileSDConfigs []FileSDConfigApplyConfiguration `json:"fileSDConfigs,omitempty"` - HTTPSDConfigs []HTTPSDConfigApplyConfiguration `json:"httpSDConfigs,omitempty"` - KubernetesSDConfigs []KubernetesSDConfigApplyConfiguration `json:"kubernetesSDConfigs,omitempty"` - ConsulSDConfigs []ConsulSDConfigApplyConfiguration `json:"consulSDConfigs,omitempty"` - DNSSDConfigs []DNSSDConfigApplyConfiguration `json:"dnsSDConfigs,omitempty"` - EC2SDConfigs []EC2SDConfigApplyConfiguration `json:"ec2SDConfigs,omitempty"` - AzureSDConfigs []AzureSDConfigApplyConfiguration `json:"azureSDConfigs,omitempty"` - GCESDConfigs []GCESDConfigApplyConfiguration `json:"gceSDConfigs,omitempty"` - OpenStackSDConfigs []OpenStackSDConfigApplyConfiguration `json:"openstackSDConfigs,omitempty"` - DigitalOceanSDConfigs []DigitalOceanSDConfigApplyConfiguration `json:"digitalOceanSDConfigs,omitempty"` - KumaSDConfigs []KumaSDConfigApplyConfiguration `json:"kumaSDConfigs,omitempty"` - EurekaSDConfigs []EurekaSDConfigApplyConfiguration `json:"eurekaSDConfigs,omitempty"` - DockerSDConfigs []DockerSDConfigApplyConfiguration `json:"dockerSDConfigs,omitempty"` - LinodeSDConfigs []LinodeSDConfigApplyConfiguration `json:"linodeSDConfigs,omitempty"` - HetznerSDConfigs []HetznerSDConfigApplyConfiguration `json:"hetznerSDConfigs,omitempty"` - NomadSDConfigs []NomadSDConfigApplyConfiguration `json:"NomadSDConfigs,omitempty"` - DockerSwarmSDConfigs []DockerSwarmSDConfigApplyConfiguration `json:"dockerSwarmSDConfigs,omitempty"` - PuppetDBSDConfigs []PuppetDBSDConfigApplyConfiguration `json:"puppetDBSDConfigs,omitempty"` - LightSailSDConfigs []LightSailSDConfigApplyConfiguration `json:"lightSailSDConfigs,omitempty"` - OVHCloudSDConfigs []OVHCloudSDConfigApplyConfiguration `json:"ovhcloudSDConfigs,omitempty"` - RelabelConfigs []v1.RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` - MetricsPath *string `json:"metricsPath,omitempty"` - ScrapeInterval *monitoringv1.Duration `json:"scrapeInterval,omitempty"` - ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` - ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` - HonorTimestamps *bool `json:"honorTimestamps,omitempty"` - TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` - HonorLabels *bool `json:"honorLabels,omitempty"` - Params map[string][]string `json:"params,omitempty"` - Scheme *string `json:"scheme,omitempty"` - EnableCompression *bool `json:"enableCompression,omitempty"` - BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - SampleLimit *uint64 `json:"sampleLimit,omitempty"` - TargetLimit *uint64 `json:"targetLimit,omitempty"` - LabelLimit *uint64 `json:"labelLimit,omitempty"` - LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` - LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` - KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` - MetricRelabelConfigs []v1.RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` - v1.ProxyConfigApplyConfiguration `json:",inline"` - ScrapeClassName *string `json:"scrapeClass,omitempty"` -} - -// ScrapeConfigSpecApplyConfiguration constructs an declarative configuration of the ScrapeConfigSpec type for use with + JobName *string `json:"jobName,omitempty"` + StaticConfigs []StaticConfigApplyConfiguration `json:"staticConfigs,omitempty"` + FileSDConfigs []FileSDConfigApplyConfiguration `json:"fileSDConfigs,omitempty"` + HTTPSDConfigs []HTTPSDConfigApplyConfiguration `json:"httpSDConfigs,omitempty"` + KubernetesSDConfigs []KubernetesSDConfigApplyConfiguration `json:"kubernetesSDConfigs,omitempty"` + ConsulSDConfigs []ConsulSDConfigApplyConfiguration `json:"consulSDConfigs,omitempty"` + DNSSDConfigs []DNSSDConfigApplyConfiguration `json:"dnsSDConfigs,omitempty"` + EC2SDConfigs []EC2SDConfigApplyConfiguration `json:"ec2SDConfigs,omitempty"` + AzureSDConfigs []AzureSDConfigApplyConfiguration `json:"azureSDConfigs,omitempty"` + GCESDConfigs []GCESDConfigApplyConfiguration `json:"gceSDConfigs,omitempty"` + OpenStackSDConfigs []OpenStackSDConfigApplyConfiguration `json:"openstackSDConfigs,omitempty"` + DigitalOceanSDConfigs []DigitalOceanSDConfigApplyConfiguration `json:"digitalOceanSDConfigs,omitempty"` + KumaSDConfigs []KumaSDConfigApplyConfiguration `json:"kumaSDConfigs,omitempty"` + EurekaSDConfigs []EurekaSDConfigApplyConfiguration `json:"eurekaSDConfigs,omitempty"` + DockerSDConfigs []DockerSDConfigApplyConfiguration `json:"dockerSDConfigs,omitempty"` + LinodeSDConfigs []LinodeSDConfigApplyConfiguration `json:"linodeSDConfigs,omitempty"` + HetznerSDConfigs []HetznerSDConfigApplyConfiguration `json:"hetznerSDConfigs,omitempty"` + NomadSDConfigs []NomadSDConfigApplyConfiguration `json:"nomadSDConfigs,omitempty"` + DockerSwarmSDConfigs []DockerSwarmSDConfigApplyConfiguration `json:"dockerSwarmSDConfigs,omitempty"` + PuppetDBSDConfigs []PuppetDBSDConfigApplyConfiguration `json:"puppetDBSDConfigs,omitempty"` + LightSailSDConfigs []LightSailSDConfigApplyConfiguration `json:"lightSailSDConfigs,omitempty"` + OVHCloudSDConfigs []OVHCloudSDConfigApplyConfiguration `json:"ovhcloudSDConfigs,omitempty"` + ScalewaySDConfigs []ScalewaySDConfigApplyConfiguration `json:"scalewaySDConfigs,omitempty"` + IonosSDConfigs []IonosSDConfigApplyConfiguration `json:"ionosSDConfigs,omitempty"` + RelabelConfigs []v1.RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` + MetricsPath *string `json:"metricsPath,omitempty"` + ScrapeInterval *monitoringv1.Duration `json:"scrapeInterval,omitempty"` + ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` + ScrapeProtocols []monitoringv1.ScrapeProtocol `json:"scrapeProtocols,omitempty"` + HonorTimestamps *bool `json:"honorTimestamps,omitempty"` + TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` + HonorLabels *bool `json:"honorLabels,omitempty"` + Params map[string][]string `json:"params,omitempty"` + Scheme *string `json:"scheme,omitempty"` + EnableCompression *bool `json:"enableCompression,omitempty"` + BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + SampleLimit *uint64 `json:"sampleLimit,omitempty"` + TargetLimit *uint64 `json:"targetLimit,omitempty"` + LabelLimit *uint64 `json:"labelLimit,omitempty"` + LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` + LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"` + v1.NativeHistogramConfigApplyConfiguration `json:",inline"` + KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` + MetricRelabelConfigs []v1.RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` + v1.ProxyConfigApplyConfiguration `json:",inline"` + ScrapeClassName *string `json:"scrapeClass,omitempty"` +} + +// ScrapeConfigSpecApplyConfiguration constructs a declarative configuration of the ScrapeConfigSpec type for use with // apply. func ScrapeConfigSpec() *ScrapeConfigSpecApplyConfiguration { return &ScrapeConfigSpecApplyConfiguration{} @@ -359,6 +364,32 @@ func (b *ScrapeConfigSpecApplyConfiguration) WithOVHCloudSDConfigs(values ...*OV return b } +// WithScalewaySDConfigs adds the given value to the ScalewaySDConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ScalewaySDConfigs field. +func (b *ScrapeConfigSpecApplyConfiguration) WithScalewaySDConfigs(values ...*ScalewaySDConfigApplyConfiguration) *ScrapeConfigSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithScalewaySDConfigs") + } + b.ScalewaySDConfigs = append(b.ScalewaySDConfigs, *values[i]) + } + return b +} + +// WithIonosSDConfigs adds the given value to the IonosSDConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IonosSDConfigs field. +func (b *ScrapeConfigSpecApplyConfiguration) WithIonosSDConfigs(values ...*IonosSDConfigApplyConfiguration) *ScrapeConfigSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithIonosSDConfigs") + } + b.IonosSDConfigs = append(b.IonosSDConfigs, *values[i]) + } + return b +} + // WithRelabelConfigs adds the given value to the RelabelConfigs field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the RelabelConfigs field. @@ -476,6 +507,14 @@ func (b *ScrapeConfigSpecApplyConfiguration) WithAuthorization(value *v1.SafeAut return b } +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *ScrapeConfigSpecApplyConfiguration) WithOAuth2(value *v1.OAuth2ApplyConfiguration) *ScrapeConfigSpecApplyConfiguration { + b.OAuth2 = value + return b +} + // WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the TLSConfig field is set to the value of the last call. @@ -524,6 +563,30 @@ func (b *ScrapeConfigSpecApplyConfiguration) WithLabelValueLengthLimit(value uin return b } +// WithScrapeClassicHistograms sets the ScrapeClassicHistograms field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ScrapeClassicHistograms field is set to the value of the last call. +func (b *ScrapeConfigSpecApplyConfiguration) WithScrapeClassicHistograms(value bool) *ScrapeConfigSpecApplyConfiguration { + b.ScrapeClassicHistograms = &value + return b +} + +// WithNativeHistogramBucketLimit sets the NativeHistogramBucketLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramBucketLimit field is set to the value of the last call. +func (b *ScrapeConfigSpecApplyConfiguration) WithNativeHistogramBucketLimit(value uint64) *ScrapeConfigSpecApplyConfiguration { + b.NativeHistogramBucketLimit = &value + return b +} + +// WithNativeHistogramMinBucketFactor sets the NativeHistogramMinBucketFactor field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NativeHistogramMinBucketFactor field is set to the value of the last call. +func (b *ScrapeConfigSpecApplyConfiguration) WithNativeHistogramMinBucketFactor(value resource.Quantity) *ScrapeConfigSpecApplyConfiguration { + b.NativeHistogramMinBucketFactor = &value + return b +} + // WithKeepDroppedTargets sets the KeepDroppedTargets field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the KeepDroppedTargets field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackaction.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackaction.go index bc536ddcb51..39878c54a6b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackaction.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackaction.go @@ -16,7 +16,7 @@ package v1alpha1 -// SlackActionApplyConfiguration represents an declarative configuration of the SlackAction type for use +// SlackActionApplyConfiguration represents a declarative configuration of the SlackAction type for use // with apply. type SlackActionApplyConfiguration struct { Type *string `json:"type,omitempty"` @@ -28,7 +28,7 @@ type SlackActionApplyConfiguration struct { ConfirmField *SlackConfirmationFieldApplyConfiguration `json:"confirm,omitempty"` } -// SlackActionApplyConfiguration constructs an declarative configuration of the SlackAction type for use with +// SlackActionApplyConfiguration constructs a declarative configuration of the SlackAction type for use with // apply. func SlackAction() *SlackActionApplyConfiguration { return &SlackActionApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfig.go index 72b66d34d86..d0c9904f15a 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// SlackConfigApplyConfiguration represents an declarative configuration of the SlackConfig type for use +// SlackConfigApplyConfiguration represents a declarative configuration of the SlackConfig type for use // with apply. type SlackConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -47,7 +47,7 @@ type SlackConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// SlackConfigApplyConfiguration constructs an declarative configuration of the SlackConfig type for use with +// SlackConfigApplyConfiguration constructs a declarative configuration of the SlackConfig type for use with // apply. func SlackConfig() *SlackConfigApplyConfiguration { return &SlackConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfirmationfield.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfirmationfield.go index d2cdf26918e..3af8545a877 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfirmationfield.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackconfirmationfield.go @@ -16,7 +16,7 @@ package v1alpha1 -// SlackConfirmationFieldApplyConfiguration represents an declarative configuration of the SlackConfirmationField type for use +// SlackConfirmationFieldApplyConfiguration represents a declarative configuration of the SlackConfirmationField type for use // with apply. type SlackConfirmationFieldApplyConfiguration struct { Text *string `json:"text,omitempty"` @@ -25,7 +25,7 @@ type SlackConfirmationFieldApplyConfiguration struct { DismissText *string `json:"dismissText,omitempty"` } -// SlackConfirmationFieldApplyConfiguration constructs an declarative configuration of the SlackConfirmationField type for use with +// SlackConfirmationFieldApplyConfiguration constructs a declarative configuration of the SlackConfirmationField type for use with // apply. func SlackConfirmationField() *SlackConfirmationFieldApplyConfiguration { return &SlackConfirmationFieldApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackfield.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackfield.go index 3aad90eb7e1..e4cef84de62 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/slackfield.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/slackfield.go @@ -16,7 +16,7 @@ package v1alpha1 -// SlackFieldApplyConfiguration represents an declarative configuration of the SlackField type for use +// SlackFieldApplyConfiguration represents a declarative configuration of the SlackField type for use // with apply. type SlackFieldApplyConfiguration struct { Title *string `json:"title,omitempty"` @@ -24,7 +24,7 @@ type SlackFieldApplyConfiguration struct { Short *bool `json:"short,omitempty"` } -// SlackFieldApplyConfiguration constructs an declarative configuration of the SlackField type for use with +// SlackFieldApplyConfiguration constructs a declarative configuration of the SlackField type for use with // apply. func SlackField() *SlackFieldApplyConfiguration { return &SlackFieldApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/snsconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/snsconfig.go index 00616e002b1..ec078b0221b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/snsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/snsconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" ) -// SNSConfigApplyConfiguration represents an declarative configuration of the SNSConfig type for use +// SNSConfigApplyConfiguration represents a declarative configuration of the SNSConfig type for use // with apply. type SNSConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -35,7 +35,7 @@ type SNSConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// SNSConfigApplyConfiguration constructs an declarative configuration of the SNSConfig type for use with +// SNSConfigApplyConfiguration constructs a declarative configuration of the SNSConfig type for use with // apply. func SNSConfig() *SNSConfigApplyConfiguration { return &SNSConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/staticconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/staticconfig.go index 896cbba9b1a..da1900f7bd9 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/staticconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/staticconfig.go @@ -17,18 +17,17 @@ package v1alpha1 import ( - v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// StaticConfigApplyConfiguration represents an declarative configuration of the StaticConfig type for use +// StaticConfigApplyConfiguration represents a declarative configuration of the StaticConfig type for use // with apply. type StaticConfigApplyConfiguration struct { - Targets []v1alpha1.Target `json:"targets,omitempty"` - Labels map[v1.LabelName]string `json:"labels,omitempty"` + Targets []v1alpha1.Target `json:"targets,omitempty"` + Labels map[string]string `json:"labels,omitempty"` } -// StaticConfigApplyConfiguration constructs an declarative configuration of the StaticConfig type for use with +// StaticConfigApplyConfiguration constructs a declarative configuration of the StaticConfig type for use with // apply. func StaticConfig() *StaticConfigApplyConfiguration { return &StaticConfigApplyConfiguration{} @@ -48,9 +47,9 @@ func (b *StaticConfigApplyConfiguration) WithTargets(values ...v1alpha1.Target) // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Labels field, // overwriting an existing map entries in Labels field with the same key. -func (b *StaticConfigApplyConfiguration) WithLabels(entries map[v1.LabelName]string) *StaticConfigApplyConfiguration { +func (b *StaticConfigApplyConfiguration) WithLabels(entries map[string]string) *StaticConfigApplyConfiguration { if b.Labels == nil && len(entries) > 0 { - b.Labels = make(map[v1.LabelName]string, len(entries)) + b.Labels = make(map[string]string, len(entries)) } for k, v := range entries { b.Labels[k] = v diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/telegramconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/telegramconfig.go index 44cd5812455..d53396c4863 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/telegramconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/telegramconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// TelegramConfigApplyConfiguration represents an declarative configuration of the TelegramConfig type for use +// TelegramConfigApplyConfiguration represents a declarative configuration of the TelegramConfig type for use // with apply. type TelegramConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -34,7 +34,7 @@ type TelegramConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// TelegramConfigApplyConfiguration constructs an declarative configuration of the TelegramConfig type for use with +// TelegramConfigApplyConfiguration constructs a declarative configuration of the TelegramConfig type for use with // apply. func TelegramConfig() *TelegramConfigApplyConfiguration { return &TelegramConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/timeinterval.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/timeinterval.go index cc0eaa78092..97f93923f4a 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/timeinterval.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/timeinterval.go @@ -20,7 +20,7 @@ import ( monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// TimeIntervalApplyConfiguration represents an declarative configuration of the TimeInterval type for use +// TimeIntervalApplyConfiguration represents a declarative configuration of the TimeInterval type for use // with apply. type TimeIntervalApplyConfiguration struct { Times []TimeRangeApplyConfiguration `json:"times,omitempty"` @@ -30,7 +30,7 @@ type TimeIntervalApplyConfiguration struct { Years []monitoringv1alpha1.YearRange `json:"years,omitempty"` } -// TimeIntervalApplyConfiguration constructs an declarative configuration of the TimeInterval type for use with +// TimeIntervalApplyConfiguration constructs a declarative configuration of the TimeInterval type for use with // apply. func TimeInterval() *TimeIntervalApplyConfiguration { return &TimeIntervalApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/timerange.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/timerange.go index 0fb7a155f9a..bf9810e4b8a 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/timerange.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/timerange.go @@ -20,14 +20,14 @@ import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// TimeRangeApplyConfiguration represents an declarative configuration of the TimeRange type for use +// TimeRangeApplyConfiguration represents a declarative configuration of the TimeRange type for use // with apply. type TimeRangeApplyConfiguration struct { StartTime *v1alpha1.Time `json:"startTime,omitempty"` EndTime *v1alpha1.Time `json:"endTime,omitempty"` } -// TimeRangeApplyConfiguration constructs an declarative configuration of the TimeRange type for use with +// TimeRangeApplyConfiguration constructs a declarative configuration of the TimeRange type for use with // apply. func TimeRange() *TimeRangeApplyConfiguration { return &TimeRangeApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/victoropsconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/victoropsconfig.go index 0007d853125..b1632d5f4ff 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/victoropsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/victoropsconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// VictorOpsConfigApplyConfiguration represents an declarative configuration of the VictorOpsConfig type for use +// VictorOpsConfigApplyConfiguration represents a declarative configuration of the VictorOpsConfig type for use // with apply. type VictorOpsConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -35,7 +35,7 @@ type VictorOpsConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// VictorOpsConfigApplyConfiguration constructs an declarative configuration of the VictorOpsConfig type for use with +// VictorOpsConfigApplyConfiguration constructs a declarative configuration of the VictorOpsConfig type for use with // apply. func VictorOpsConfig() *VictorOpsConfigApplyConfiguration { return &VictorOpsConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/webexconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/webexconfig.go index 85689a14e1a..8aff62337a6 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/webexconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/webexconfig.go @@ -20,7 +20,7 @@ import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" ) -// WebexConfigApplyConfiguration represents an declarative configuration of the WebexConfig type for use +// WebexConfigApplyConfiguration represents a declarative configuration of the WebexConfig type for use // with apply. type WebexConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type WebexConfigApplyConfiguration struct { RoomID *string `json:"roomID,omitempty"` } -// WebexConfigApplyConfiguration constructs an declarative configuration of the WebexConfig type for use with +// WebexConfigApplyConfiguration constructs a declarative configuration of the WebexConfig type for use with // apply. func WebexConfig() *WebexConfigApplyConfiguration { return &WebexConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/webhookconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/webhookconfig.go index cc404e67f00..388588ee043 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/webhookconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/webhookconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// WebhookConfigApplyConfiguration represents an declarative configuration of the WebhookConfig type for use +// WebhookConfigApplyConfiguration represents a declarative configuration of the WebhookConfig type for use // with apply. type WebhookConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type WebhookConfigApplyConfiguration struct { MaxAlerts *int32 `json:"maxAlerts,omitempty"` } -// WebhookConfigApplyConfiguration constructs an declarative configuration of the WebhookConfig type for use with +// WebhookConfigApplyConfiguration constructs a declarative configuration of the WebhookConfig type for use with // apply. func WebhookConfig() *WebhookConfigApplyConfiguration { return &WebhookConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/wechatconfig.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/wechatconfig.go index 40dc0317575..de747f63391 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/wechatconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/wechatconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// WeChatConfigApplyConfiguration represents an declarative configuration of the WeChatConfig type for use +// WeChatConfigApplyConfiguration represents a declarative configuration of the WeChatConfig type for use // with apply. type WeChatConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -36,7 +36,7 @@ type WeChatConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// WeChatConfigApplyConfiguration constructs an declarative configuration of the WeChatConfig type for use with +// WeChatConfigApplyConfiguration constructs a declarative configuration of the WeChatConfig type for use with // apply. func WeChatConfig() *WeChatConfigApplyConfiguration { return &WeChatConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfig.go index c0c240326ae..89927be9a64 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfig.go @@ -22,7 +22,7 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// AlertmanagerConfigApplyConfiguration represents an declarative configuration of the AlertmanagerConfig type for use +// AlertmanagerConfigApplyConfiguration represents a declarative configuration of the AlertmanagerConfig type for use // with apply. type AlertmanagerConfigApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` @@ -30,7 +30,7 @@ type AlertmanagerConfigApplyConfiguration struct { Spec *AlertmanagerConfigSpecApplyConfiguration `json:"spec,omitempty"` } -// AlertmanagerConfig constructs an declarative configuration of the AlertmanagerConfig type for use with +// AlertmanagerConfig constructs a declarative configuration of the AlertmanagerConfig type for use with // apply. func AlertmanagerConfig(name, namespace string) *AlertmanagerConfigApplyConfiguration { b := &AlertmanagerConfigApplyConfiguration{} @@ -206,3 +206,9 @@ func (b *AlertmanagerConfigApplyConfiguration) WithSpec(value *AlertmanagerConfi b.Spec = value return b } + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *AlertmanagerConfigApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.Name +} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfigspec.go b/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfigspec.go index 372a9ec13fe..7a35020e200 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfigspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/alertmanagerconfigspec.go @@ -16,7 +16,7 @@ package v1beta1 -// AlertmanagerConfigSpecApplyConfiguration represents an declarative configuration of the AlertmanagerConfigSpec type for use +// AlertmanagerConfigSpecApplyConfiguration represents a declarative configuration of the AlertmanagerConfigSpec type for use // with apply. type AlertmanagerConfigSpecApplyConfiguration struct { Route *RouteApplyConfiguration `json:"route,omitempty"` @@ -25,7 +25,7 @@ type AlertmanagerConfigSpecApplyConfiguration struct { TimeIntervals []TimeIntervalApplyConfiguration `json:"timeIntervals,omitempty"` } -// AlertmanagerConfigSpecApplyConfiguration constructs an declarative configuration of the AlertmanagerConfigSpec type for use with +// AlertmanagerConfigSpecApplyConfiguration constructs a declarative configuration of the AlertmanagerConfigSpec type for use with // apply. func AlertmanagerConfigSpec() *AlertmanagerConfigSpecApplyConfiguration { return &AlertmanagerConfigSpecApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/dayofmonthrange.go b/pkg/client/applyconfiguration/monitoring/v1beta1/dayofmonthrange.go index b622ba3a284..3ccc92eee83 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/dayofmonthrange.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/dayofmonthrange.go @@ -16,14 +16,14 @@ package v1beta1 -// DayOfMonthRangeApplyConfiguration represents an declarative configuration of the DayOfMonthRange type for use +// DayOfMonthRangeApplyConfiguration represents a declarative configuration of the DayOfMonthRange type for use // with apply. type DayOfMonthRangeApplyConfiguration struct { Start *int `json:"start,omitempty"` End *int `json:"end,omitempty"` } -// DayOfMonthRangeApplyConfiguration constructs an declarative configuration of the DayOfMonthRange type for use with +// DayOfMonthRangeApplyConfiguration constructs a declarative configuration of the DayOfMonthRange type for use with // apply. func DayOfMonthRange() *DayOfMonthRangeApplyConfiguration { return &DayOfMonthRangeApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/discordconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/discordconfig.go index 5e068a527ea..ab8eaa86d9b 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/discordconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/discordconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// DiscordConfigApplyConfiguration represents an declarative configuration of the DiscordConfig type for use +// DiscordConfigApplyConfiguration represents a declarative configuration of the DiscordConfig type for use // with apply. type DiscordConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type DiscordConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// DiscordConfigApplyConfiguration constructs an declarative configuration of the DiscordConfig type for use with +// DiscordConfigApplyConfiguration constructs a declarative configuration of the DiscordConfig type for use with // apply. func DiscordConfig() *DiscordConfigApplyConfiguration { return &DiscordConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/emailconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/emailconfig.go index 8b5964bdd1e..c9243d9b073 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/emailconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/emailconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" ) -// EmailConfigApplyConfiguration represents an declarative configuration of the EmailConfig type for use +// EmailConfigApplyConfiguration represents a declarative configuration of the EmailConfig type for use // with apply. type EmailConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -39,7 +39,7 @@ type EmailConfigApplyConfiguration struct { TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` } -// EmailConfigApplyConfiguration constructs an declarative configuration of the EmailConfig type for use with +// EmailConfigApplyConfiguration constructs a declarative configuration of the EmailConfig type for use with // apply. func EmailConfig() *EmailConfigApplyConfiguration { return &EmailConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/httpconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/httpconfig.go index 581a7a0dc1d..8a70cd3a4dd 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/httpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/httpconfig.go @@ -18,21 +18,23 @@ package v1beta1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" + corev1 "k8s.io/api/core/v1" ) -// HTTPConfigApplyConfiguration represents an declarative configuration of the HTTPConfig type for use +// HTTPConfigApplyConfiguration represents a declarative configuration of the HTTPConfig type for use // with apply. type HTTPConfigApplyConfiguration struct { - Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - BearerTokenSecret *SecretKeySelectorApplyConfiguration `json:"bearerTokenSecret,omitempty"` - TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - ProxyURL *string `json:"proxyURL,omitempty"` - FollowRedirects *bool `json:"followRedirects,omitempty"` + Authorization *v1.SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + BasicAuth *v1.BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + OAuth2 *v1.OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + BearerTokenSecret *SecretKeySelectorApplyConfiguration `json:"bearerTokenSecret,omitempty"` + TLSConfig *v1.SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + ProxyURLOriginal *string `json:"proxyURL,omitempty"` + v1.ProxyConfigApplyConfiguration `json:",inline"` + FollowRedirects *bool `json:"followRedirects,omitempty"` } -// HTTPConfigApplyConfiguration constructs an declarative configuration of the HTTPConfig type for use with +// HTTPConfigApplyConfiguration constructs a declarative configuration of the HTTPConfig type for use with // apply. func HTTPConfig() *HTTPConfigApplyConfiguration { return &HTTPConfigApplyConfiguration{} @@ -78,6 +80,14 @@ func (b *HTTPConfigApplyConfiguration) WithTLSConfig(value *v1.SafeTLSConfigAppl return b } +// WithProxyURLOriginal sets the ProxyURLOriginal field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURLOriginal field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithProxyURLOriginal(value string) *HTTPConfigApplyConfiguration { + b.ProxyURLOriginal = &value + return b +} + // WithProxyURL sets the ProxyURL field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ProxyURL field is set to the value of the last call. @@ -86,6 +96,36 @@ func (b *HTTPConfigApplyConfiguration) WithProxyURL(value string) *HTTPConfigApp return b } +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithNoProxy(value string) *HTTPConfigApplyConfiguration { + b.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *HTTPConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *HTTPConfigApplyConfiguration { + b.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *HTTPConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *HTTPConfigApplyConfiguration { + if b.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConnectHeader[k] = v + } + return b +} + // WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FollowRedirects field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/inhibitrule.go b/pkg/client/applyconfiguration/monitoring/v1beta1/inhibitrule.go index a2c5b80415d..1bbf5b51374 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/inhibitrule.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/inhibitrule.go @@ -16,7 +16,7 @@ package v1beta1 -// InhibitRuleApplyConfiguration represents an declarative configuration of the InhibitRule type for use +// InhibitRuleApplyConfiguration represents a declarative configuration of the InhibitRule type for use // with apply. type InhibitRuleApplyConfiguration struct { TargetMatch []MatcherApplyConfiguration `json:"targetMatch,omitempty"` @@ -24,7 +24,7 @@ type InhibitRuleApplyConfiguration struct { Equal []string `json:"equal,omitempty"` } -// InhibitRuleApplyConfiguration constructs an declarative configuration of the InhibitRule type for use with +// InhibitRuleApplyConfiguration constructs a declarative configuration of the InhibitRule type for use with // apply. func InhibitRule() *InhibitRuleApplyConfiguration { return &InhibitRuleApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/keyvalue.go b/pkg/client/applyconfiguration/monitoring/v1beta1/keyvalue.go index 036912f17c0..751f7272bbc 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/keyvalue.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/keyvalue.go @@ -16,14 +16,14 @@ package v1beta1 -// KeyValueApplyConfiguration represents an declarative configuration of the KeyValue type for use +// KeyValueApplyConfiguration represents a declarative configuration of the KeyValue type for use // with apply. type KeyValueApplyConfiguration struct { Key *string `json:"key,omitempty"` Value *string `json:"value,omitempty"` } -// KeyValueApplyConfiguration constructs an declarative configuration of the KeyValue type for use with +// KeyValueApplyConfiguration constructs a declarative configuration of the KeyValue type for use with // apply. func KeyValue() *KeyValueApplyConfiguration { return &KeyValueApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/matcher.go b/pkg/client/applyconfiguration/monitoring/v1beta1/matcher.go index 9f6fb7fb8df..82f2f674f0e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/matcher.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/matcher.go @@ -20,7 +20,7 @@ import ( v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" ) -// MatcherApplyConfiguration represents an declarative configuration of the Matcher type for use +// MatcherApplyConfiguration represents a declarative configuration of the Matcher type for use // with apply. type MatcherApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -28,7 +28,7 @@ type MatcherApplyConfiguration struct { MatchType *v1beta1.MatchType `json:"matchType,omitempty"` } -// MatcherApplyConfiguration constructs an declarative configuration of the Matcher type for use with +// MatcherApplyConfiguration constructs a declarative configuration of the Matcher type for use with // apply. func Matcher() *MatcherApplyConfiguration { return &MatcherApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/msteamsconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/msteamsconfig.go index 9c92eecabf9..9bbe152b5dd 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/msteamsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/msteamsconfig.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/api/core/v1" ) -// MSTeamsConfigApplyConfiguration represents an declarative configuration of the MSTeamsConfig type for use +// MSTeamsConfigApplyConfiguration represents a declarative configuration of the MSTeamsConfig type for use // with apply. type MSTeamsConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -31,7 +31,7 @@ type MSTeamsConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// MSTeamsConfigApplyConfiguration constructs an declarative configuration of the MSTeamsConfig type for use with +// MSTeamsConfigApplyConfiguration constructs a declarative configuration of the MSTeamsConfig type for use with // apply. func MSTeamsConfig() *MSTeamsConfigApplyConfiguration { return &MSTeamsConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfig.go index 4a278d9f659..9fafd3b4658 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// OpsGenieConfigApplyConfiguration represents an declarative configuration of the OpsGenieConfig type for use +// OpsGenieConfigApplyConfiguration represents a declarative configuration of the OpsGenieConfig type for use // with apply. type OpsGenieConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -35,7 +35,7 @@ type OpsGenieConfigApplyConfiguration struct { Actions *string `json:"actions,omitempty"` } -// OpsGenieConfigApplyConfiguration constructs an declarative configuration of the OpsGenieConfig type for use with +// OpsGenieConfigApplyConfiguration constructs a declarative configuration of the OpsGenieConfig type for use with // apply. func OpsGenieConfig() *OpsGenieConfigApplyConfiguration { return &OpsGenieConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfigresponder.go b/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfigresponder.go index a790765fc25..298b634a2b5 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfigresponder.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/opsgenieconfigresponder.go @@ -16,7 +16,7 @@ package v1beta1 -// OpsGenieConfigResponderApplyConfiguration represents an declarative configuration of the OpsGenieConfigResponder type for use +// OpsGenieConfigResponderApplyConfiguration represents a declarative configuration of the OpsGenieConfigResponder type for use // with apply. type OpsGenieConfigResponderApplyConfiguration struct { ID *string `json:"id,omitempty"` @@ -25,7 +25,7 @@ type OpsGenieConfigResponderApplyConfiguration struct { Type *string `json:"type,omitempty"` } -// OpsGenieConfigResponderApplyConfiguration constructs an declarative configuration of the OpsGenieConfigResponder type for use with +// OpsGenieConfigResponderApplyConfiguration constructs a declarative configuration of the OpsGenieConfigResponder type for use with // apply. func OpsGenieConfigResponder() *OpsGenieConfigResponderApplyConfiguration { return &OpsGenieConfigResponderApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyconfig.go index e53295d5a18..653e53ebbf4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// PagerDutyConfigApplyConfiguration represents an declarative configuration of the PagerDutyConfig type for use +// PagerDutyConfigApplyConfiguration represents a declarative configuration of the PagerDutyConfig type for use // with apply. type PagerDutyConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -37,7 +37,7 @@ type PagerDutyConfigApplyConfiguration struct { Source *string `json:"source,omitempty"` } -// PagerDutyConfigApplyConfiguration constructs an declarative configuration of the PagerDutyConfig type for use with +// PagerDutyConfigApplyConfiguration constructs a declarative configuration of the PagerDutyConfig type for use with // apply. func PagerDutyConfig() *PagerDutyConfigApplyConfiguration { return &PagerDutyConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyimageconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyimageconfig.go index 9dfdae58b5e..d49bc2442cd 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyimageconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutyimageconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// PagerDutyImageConfigApplyConfiguration represents an declarative configuration of the PagerDutyImageConfig type for use +// PagerDutyImageConfigApplyConfiguration represents a declarative configuration of the PagerDutyImageConfig type for use // with apply. type PagerDutyImageConfigApplyConfiguration struct { Src *string `json:"src,omitempty"` @@ -24,7 +24,7 @@ type PagerDutyImageConfigApplyConfiguration struct { Alt *string `json:"alt,omitempty"` } -// PagerDutyImageConfigApplyConfiguration constructs an declarative configuration of the PagerDutyImageConfig type for use with +// PagerDutyImageConfigApplyConfiguration constructs a declarative configuration of the PagerDutyImageConfig type for use with // apply. func PagerDutyImageConfig() *PagerDutyImageConfigApplyConfiguration { return &PagerDutyImageConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutylinkconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutylinkconfig.go index 25b77ccaac5..b4f12a652b4 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutylinkconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/pagerdutylinkconfig.go @@ -16,14 +16,14 @@ package v1beta1 -// PagerDutyLinkConfigApplyConfiguration represents an declarative configuration of the PagerDutyLinkConfig type for use +// PagerDutyLinkConfigApplyConfiguration represents a declarative configuration of the PagerDutyLinkConfig type for use // with apply. type PagerDutyLinkConfigApplyConfiguration struct { Href *string `json:"href,omitempty"` Text *string `json:"alt,omitempty"` } -// PagerDutyLinkConfigApplyConfiguration constructs an declarative configuration of the PagerDutyLinkConfig type for use with +// PagerDutyLinkConfigApplyConfiguration constructs a declarative configuration of the PagerDutyLinkConfig type for use with // apply. func PagerDutyLinkConfig() *PagerDutyLinkConfigApplyConfiguration { return &PagerDutyLinkConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/pushoverconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/pushoverconfig.go index b670b4933fc..f9c93f26a86 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/pushoverconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/pushoverconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) -// PushoverConfigApplyConfiguration represents an declarative configuration of the PushoverConfig type for use +// PushoverConfigApplyConfiguration represents a declarative configuration of the PushoverConfig type for use // with apply. type PushoverConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -42,7 +42,7 @@ type PushoverConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// PushoverConfigApplyConfiguration constructs an declarative configuration of the PushoverConfig type for use with +// PushoverConfigApplyConfiguration constructs a declarative configuration of the PushoverConfig type for use with // apply. func PushoverConfig() *PushoverConfigApplyConfiguration { return &PushoverConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/receiver.go b/pkg/client/applyconfiguration/monitoring/v1beta1/receiver.go index b952896a860..65c9bf331ae 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/receiver.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/receiver.go @@ -16,7 +16,7 @@ package v1beta1 -// ReceiverApplyConfiguration represents an declarative configuration of the Receiver type for use +// ReceiverApplyConfiguration represents a declarative configuration of the Receiver type for use // with apply. type ReceiverApplyConfiguration struct { Name *string `json:"name,omitempty"` @@ -35,7 +35,7 @@ type ReceiverApplyConfiguration struct { MSTeamsConfigs []MSTeamsConfigApplyConfiguration `json:"msteamsConfigs,omitempty"` } -// ReceiverApplyConfiguration constructs an declarative configuration of the Receiver type for use with +// ReceiverApplyConfiguration constructs a declarative configuration of the Receiver type for use with // apply. func Receiver() *ReceiverApplyConfiguration { return &ReceiverApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/route.go b/pkg/client/applyconfiguration/monitoring/v1beta1/route.go index 659dddceb53..ff77ed87b49 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/route.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/route.go @@ -20,7 +20,7 @@ import ( v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" ) -// RouteApplyConfiguration represents an declarative configuration of the Route type for use +// RouteApplyConfiguration represents a declarative configuration of the Route type for use // with apply. type RouteApplyConfiguration struct { Receiver *string `json:"receiver,omitempty"` @@ -35,7 +35,7 @@ type RouteApplyConfiguration struct { ActiveTimeIntervals []string `json:"activeTimeIntervals,omitempty"` } -// RouteApplyConfiguration constructs an declarative configuration of the Route type for use with +// RouteApplyConfiguration constructs a declarative configuration of the Route type for use with // apply. func Route() *RouteApplyConfiguration { return &RouteApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/secretkeyselector.go b/pkg/client/applyconfiguration/monitoring/v1beta1/secretkeyselector.go index eceffc17fec..ff78d61d3de 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/secretkeyselector.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/secretkeyselector.go @@ -16,14 +16,14 @@ package v1beta1 -// SecretKeySelectorApplyConfiguration represents an declarative configuration of the SecretKeySelector type for use +// SecretKeySelectorApplyConfiguration represents a declarative configuration of the SecretKeySelector type for use // with apply. type SecretKeySelectorApplyConfiguration struct { Name *string `json:"name,omitempty"` Key *string `json:"key,omitempty"` } -// SecretKeySelectorApplyConfiguration constructs an declarative configuration of the SecretKeySelector type for use with +// SecretKeySelectorApplyConfiguration constructs a declarative configuration of the SecretKeySelector type for use with // apply. func SecretKeySelector() *SecretKeySelectorApplyConfiguration { return &SecretKeySelectorApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/slackaction.go b/pkg/client/applyconfiguration/monitoring/v1beta1/slackaction.go index 6515391f014..45511920100 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/slackaction.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/slackaction.go @@ -16,7 +16,7 @@ package v1beta1 -// SlackActionApplyConfiguration represents an declarative configuration of the SlackAction type for use +// SlackActionApplyConfiguration represents a declarative configuration of the SlackAction type for use // with apply. type SlackActionApplyConfiguration struct { Type *string `json:"type,omitempty"` @@ -28,7 +28,7 @@ type SlackActionApplyConfiguration struct { ConfirmField *SlackConfirmationFieldApplyConfiguration `json:"confirm,omitempty"` } -// SlackActionApplyConfiguration constructs an declarative configuration of the SlackAction type for use with +// SlackActionApplyConfiguration constructs a declarative configuration of the SlackAction type for use with // apply. func SlackAction() *SlackActionApplyConfiguration { return &SlackActionApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfig.go index bf4b03d90c9..4c86d5287d3 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// SlackConfigApplyConfiguration represents an declarative configuration of the SlackConfig type for use +// SlackConfigApplyConfiguration represents a declarative configuration of the SlackConfig type for use // with apply. type SlackConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -43,7 +43,7 @@ type SlackConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// SlackConfigApplyConfiguration constructs an declarative configuration of the SlackConfig type for use with +// SlackConfigApplyConfiguration constructs a declarative configuration of the SlackConfig type for use with // apply. func SlackConfig() *SlackConfigApplyConfiguration { return &SlackConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfirmationfield.go b/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfirmationfield.go index d9dbdafba99..d3016b6c5a8 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfirmationfield.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/slackconfirmationfield.go @@ -16,7 +16,7 @@ package v1beta1 -// SlackConfirmationFieldApplyConfiguration represents an declarative configuration of the SlackConfirmationField type for use +// SlackConfirmationFieldApplyConfiguration represents a declarative configuration of the SlackConfirmationField type for use // with apply. type SlackConfirmationFieldApplyConfiguration struct { Text *string `json:"text,omitempty"` @@ -25,7 +25,7 @@ type SlackConfirmationFieldApplyConfiguration struct { DismissText *string `json:"dismissText,omitempty"` } -// SlackConfirmationFieldApplyConfiguration constructs an declarative configuration of the SlackConfirmationField type for use with +// SlackConfirmationFieldApplyConfiguration constructs a declarative configuration of the SlackConfirmationField type for use with // apply. func SlackConfirmationField() *SlackConfirmationFieldApplyConfiguration { return &SlackConfirmationFieldApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/slackfield.go b/pkg/client/applyconfiguration/monitoring/v1beta1/slackfield.go index a32a9ad2180..f7abf63197f 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/slackfield.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/slackfield.go @@ -16,7 +16,7 @@ package v1beta1 -// SlackFieldApplyConfiguration represents an declarative configuration of the SlackField type for use +// SlackFieldApplyConfiguration represents a declarative configuration of the SlackField type for use // with apply. type SlackFieldApplyConfiguration struct { Title *string `json:"title,omitempty"` @@ -24,7 +24,7 @@ type SlackFieldApplyConfiguration struct { Short *bool `json:"short,omitempty"` } -// SlackFieldApplyConfiguration constructs an declarative configuration of the SlackField type for use with +// SlackFieldApplyConfiguration constructs a declarative configuration of the SlackField type for use with // apply. func SlackField() *SlackFieldApplyConfiguration { return &SlackFieldApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/snsconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/snsconfig.go index 71c7e5fe31f..dece1067cfc 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/snsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/snsconfig.go @@ -20,7 +20,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" ) -// SNSConfigApplyConfiguration represents an declarative configuration of the SNSConfig type for use +// SNSConfigApplyConfiguration represents a declarative configuration of the SNSConfig type for use // with apply. type SNSConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -35,7 +35,7 @@ type SNSConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// SNSConfigApplyConfiguration constructs an declarative configuration of the SNSConfig type for use with +// SNSConfigApplyConfiguration constructs a declarative configuration of the SNSConfig type for use with // apply. func SNSConfig() *SNSConfigApplyConfiguration { return &SNSConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/telegramconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/telegramconfig.go index 7cbf3237c91..aa36f84a017 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/telegramconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/telegramconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// TelegramConfigApplyConfiguration represents an declarative configuration of the TelegramConfig type for use +// TelegramConfigApplyConfiguration represents a declarative configuration of the TelegramConfig type for use // with apply. type TelegramConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type TelegramConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// TelegramConfigApplyConfiguration constructs an declarative configuration of the TelegramConfig type for use with +// TelegramConfigApplyConfiguration constructs a declarative configuration of the TelegramConfig type for use with // apply. func TelegramConfig() *TelegramConfigApplyConfiguration { return &TelegramConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/timeinterval.go b/pkg/client/applyconfiguration/monitoring/v1beta1/timeinterval.go index a87e4c98c1f..b11c6fea2a0 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/timeinterval.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/timeinterval.go @@ -16,14 +16,14 @@ package v1beta1 -// TimeIntervalApplyConfiguration represents an declarative configuration of the TimeInterval type for use +// TimeIntervalApplyConfiguration represents a declarative configuration of the TimeInterval type for use // with apply. type TimeIntervalApplyConfiguration struct { Name *string `json:"name,omitempty"` TimeIntervals []TimePeriodApplyConfiguration `json:"timeIntervals,omitempty"` } -// TimeIntervalApplyConfiguration constructs an declarative configuration of the TimeInterval type for use with +// TimeIntervalApplyConfiguration constructs a declarative configuration of the TimeInterval type for use with // apply. func TimeInterval() *TimeIntervalApplyConfiguration { return &TimeIntervalApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/timeperiod.go b/pkg/client/applyconfiguration/monitoring/v1beta1/timeperiod.go index b373615afc3..52a35f7800a 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/timeperiod.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/timeperiod.go @@ -20,7 +20,7 @@ import ( monitoringv1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" ) -// TimePeriodApplyConfiguration represents an declarative configuration of the TimePeriod type for use +// TimePeriodApplyConfiguration represents a declarative configuration of the TimePeriod type for use // with apply. type TimePeriodApplyConfiguration struct { Times []TimeRangeApplyConfiguration `json:"times,omitempty"` @@ -30,7 +30,7 @@ type TimePeriodApplyConfiguration struct { Years []monitoringv1beta1.YearRange `json:"years,omitempty"` } -// TimePeriodApplyConfiguration constructs an declarative configuration of the TimePeriod type for use with +// TimePeriodApplyConfiguration constructs a declarative configuration of the TimePeriod type for use with // apply. func TimePeriod() *TimePeriodApplyConfiguration { return &TimePeriodApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/timerange.go b/pkg/client/applyconfiguration/monitoring/v1beta1/timerange.go index 1f453ea8a43..03931515283 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/timerange.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/timerange.go @@ -20,14 +20,14 @@ import ( v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" ) -// TimeRangeApplyConfiguration represents an declarative configuration of the TimeRange type for use +// TimeRangeApplyConfiguration represents a declarative configuration of the TimeRange type for use // with apply. type TimeRangeApplyConfiguration struct { StartTime *v1beta1.Time `json:"startTime,omitempty"` EndTime *v1beta1.Time `json:"endTime,omitempty"` } -// TimeRangeApplyConfiguration constructs an declarative configuration of the TimeRange type for use with +// TimeRangeApplyConfiguration constructs a declarative configuration of the TimeRange type for use with // apply. func TimeRange() *TimeRangeApplyConfiguration { return &TimeRangeApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/victoropsconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/victoropsconfig.go index 4eb8b18c1dd..ffd1be84957 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/victoropsconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/victoropsconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// VictorOpsConfigApplyConfiguration represents an declarative configuration of the VictorOpsConfig type for use +// VictorOpsConfigApplyConfiguration represents a declarative configuration of the VictorOpsConfig type for use // with apply. type VictorOpsConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -31,7 +31,7 @@ type VictorOpsConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// VictorOpsConfigApplyConfiguration constructs an declarative configuration of the VictorOpsConfig type for use with +// VictorOpsConfigApplyConfiguration constructs a declarative configuration of the VictorOpsConfig type for use with // apply. func VictorOpsConfig() *VictorOpsConfigApplyConfiguration { return &VictorOpsConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/webexconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/webexconfig.go index 05c02041908..9209fa2abab 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/webexconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/webexconfig.go @@ -20,7 +20,7 @@ import ( v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" ) -// WebexConfigApplyConfiguration represents an declarative configuration of the WebexConfig type for use +// WebexConfigApplyConfiguration represents a declarative configuration of the WebexConfig type for use // with apply. type WebexConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -30,7 +30,7 @@ type WebexConfigApplyConfiguration struct { RoomID *string `json:"roomID,omitempty"` } -// WebexConfigApplyConfiguration constructs an declarative configuration of the WebexConfig type for use with +// WebexConfigApplyConfiguration constructs a declarative configuration of the WebexConfig type for use with // apply. func WebexConfig() *WebexConfigApplyConfiguration { return &WebexConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/webhookconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/webhookconfig.go index d879353422e..38c838de39e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/webhookconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/webhookconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// WebhookConfigApplyConfiguration represents an declarative configuration of the WebhookConfig type for use +// WebhookConfigApplyConfiguration represents a declarative configuration of the WebhookConfig type for use // with apply. type WebhookConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -26,7 +26,7 @@ type WebhookConfigApplyConfiguration struct { MaxAlerts *int32 `json:"maxAlerts,omitempty"` } -// WebhookConfigApplyConfiguration constructs an declarative configuration of the WebhookConfig type for use with +// WebhookConfigApplyConfiguration constructs a declarative configuration of the WebhookConfig type for use with // apply. func WebhookConfig() *WebhookConfigApplyConfiguration { return &WebhookConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/monitoring/v1beta1/wechatconfig.go b/pkg/client/applyconfiguration/monitoring/v1beta1/wechatconfig.go index 5eaccca2b3b..8ce8441b918 100644 --- a/pkg/client/applyconfiguration/monitoring/v1beta1/wechatconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1beta1/wechatconfig.go @@ -16,7 +16,7 @@ package v1beta1 -// WeChatConfigApplyConfiguration represents an declarative configuration of the WeChatConfig type for use +// WeChatConfigApplyConfiguration represents a declarative configuration of the WeChatConfig type for use // with apply. type WeChatConfigApplyConfiguration struct { SendResolved *bool `json:"sendResolved,omitempty"` @@ -32,7 +32,7 @@ type WeChatConfigApplyConfiguration struct { HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` } -// WeChatConfigApplyConfiguration constructs an declarative configuration of the WeChatConfig type for use with +// WeChatConfigApplyConfiguration constructs a declarative configuration of the WeChatConfig type for use with // apply. func WeChatConfig() *WeChatConfigApplyConfiguration { return &WeChatConfigApplyConfiguration{} diff --git a/pkg/client/applyconfiguration/utils.go b/pkg/client/applyconfiguration/utils.go index 75f404f62d5..759c1a67c84 100644 --- a/pkg/client/applyconfiguration/utils.go +++ b/pkg/client/applyconfiguration/utils.go @@ -20,10 +20,13 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" + internal "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/internal" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1alpha1" monitoringv1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1beta1" + runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" ) // ForKind returns an apply configuration type for the given GroupVersionKind, or nil if no @@ -95,10 +98,18 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1.MetadataConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("NamespaceSelector"): return &monitoringv1.NamespaceSelectorApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("NativeHistogramConfig"): + return &monitoringv1.NativeHistogramConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OAuth2"): return &monitoringv1.OAuth2ApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ObjectReference"): return &monitoringv1.ObjectReferenceApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("OTLPConfig"): + return &monitoringv1.OTLPConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("PodDNSConfig"): + return &monitoringv1.PodDNSConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("PodDNSConfigOption"): + return &monitoringv1.PodDNSConfigOptionApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PodMetricsEndpoint"): return &monitoringv1.PodMetricsEndpointApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PodMonitor"): @@ -153,6 +164,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1.RulesApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("RulesAlert"): return &monitoringv1.RulesAlertApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("RuntimeConfig"): + return &monitoringv1.RuntimeConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("SafeAuthorization"): return &monitoringv1.SafeAuthorizationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("SafeTLSConfig"): @@ -215,16 +228,10 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1alpha1.DiscordConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("DNSSDConfig"): return &monitoringv1alpha1.DNSSDConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("DockerFilter"): - return &monitoringv1alpha1.DockerFilterApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("DockerSDConfig"): return &monitoringv1alpha1.DockerSDConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("DockerSwarmFilter"): - return &monitoringv1alpha1.DockerSwarmFilterApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("DockerSwarmSDConfig"): return &monitoringv1alpha1.DockerSwarmSDConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("EC2Filter"): - return &monitoringv1alpha1.EC2FilterApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EC2SDConfig"): return &monitoringv1alpha1.EC2SDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EmailConfig"): @@ -233,6 +240,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1alpha1.EurekaSDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("FileSDConfig"): return &monitoringv1alpha1.FileSDConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Filter"): + return &monitoringv1alpha1.FilterApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("GCESDConfig"): return &monitoringv1alpha1.GCESDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("HetznerSDConfig"): @@ -243,6 +252,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1alpha1.HTTPSDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InhibitRule"): return &monitoringv1alpha1.InhibitRuleApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("IonosSDConfig"): + return &monitoringv1alpha1.IonosSDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("K8SSelectorConfig"): return &monitoringv1alpha1.K8SSelectorConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("KeyValue"): @@ -291,6 +302,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1alpha1.ReceiverApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Route"): return &monitoringv1alpha1.RouteApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ScalewaySDConfig"): + return &monitoringv1alpha1.ScalewaySDConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ScrapeConfig"): return &monitoringv1alpha1.ScrapeConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ScrapeConfigSpec"): @@ -391,3 +404,7 @@ func ForKind(kind schema.GroupVersionKind) interface{} { } return nil } + +func NewTypeConverter(scheme *runtime.Scheme) *testing.TypeConverter { + return &testing.TypeConverter{Scheme: scheme, TypeResolver: internal.Parser()} +} diff --git a/pkg/client/go.mod b/pkg/client/go.mod index 9d4980309dd..09fc881eba3 100644 --- a/pkg/client/go.mod +++ b/pkg/client/go.mod @@ -1,22 +1,22 @@ module github.com/prometheus-operator/prometheus-operator/pkg/client -go 1.22.0 +go 1.23 -toolchain go1.22.2 +toolchain go1.23.1 require ( - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/client-go v0.30.2 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.2 + k8s.io/api v0.31.2 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.2 + k8s.io/client-go v0.31.2 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 ) require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect - github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect @@ -34,20 +34,22 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect + golang.org/x/time v0.6.0 // indirect google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect - sigs.k8s.io/controller-runtime v0.18.4 // indirect + k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect + sigs.k8s.io/controller-runtime v0.19.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/pkg/client/go.sum b/pkg/client/go.sum index 07b3aaa8384..21b5cb9534b 100644 --- a/pkg/client/go.sum +++ b/pkg/client/go.sum @@ -4,8 +4,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= @@ -14,7 +14,6 @@ github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -29,8 +28,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -52,8 +51,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -61,14 +60,16 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -80,32 +81,32 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -115,6 +116,8 @@ google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWn gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -122,22 +125,22 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= +k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= +k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= +k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= +k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 867e40fdfec..6dd8d1a4309 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -226,6 +226,7 @@ type SharedInformerFactory interface { // Start initializes all requested informers. They are handled in goroutines // which run until the stop channel gets closed. + // Warning: Start does not block. When run in a go-routine, it will race with a later WaitForCacheSync. Start(stopCh <-chan struct{}) // Shutdown marks a factory as shutting down. At that point no new diff --git a/pkg/client/listers/monitoring/v1/alertmanager.go b/pkg/client/listers/monitoring/v1/alertmanager.go index 6b46f31147c..4b93920622e 100644 --- a/pkg/client/listers/monitoring/v1/alertmanager.go +++ b/pkg/client/listers/monitoring/v1/alertmanager.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type AlertmanagerLister interface { // alertmanagerLister implements the AlertmanagerLister interface. type alertmanagerLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.Alertmanager] } // NewAlertmanagerLister returns a new AlertmanagerLister. func NewAlertmanagerLister(indexer cache.Indexer) AlertmanagerLister { - return &alertmanagerLister{indexer: indexer} -} - -// List lists all Alertmanagers in the indexer. -func (s *alertmanagerLister) List(selector labels.Selector) (ret []*v1.Alertmanager, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Alertmanager)) - }) - return ret, err + return &alertmanagerLister{listers.New[*v1.Alertmanager](indexer, v1.Resource("alertmanager"))} } // Alertmanagers returns an object that can list and get Alertmanagers. func (s *alertmanagerLister) Alertmanagers(namespace string) AlertmanagerNamespaceLister { - return alertmanagerNamespaceLister{indexer: s.indexer, namespace: namespace} + return alertmanagerNamespaceLister{listers.NewNamespaced[*v1.Alertmanager](s.ResourceIndexer, namespace)} } // AlertmanagerNamespaceLister helps list and get Alertmanagers. @@ -72,26 +64,5 @@ type AlertmanagerNamespaceLister interface { // alertmanagerNamespaceLister implements the AlertmanagerNamespaceLister // interface. type alertmanagerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Alertmanagers in the indexer for a given namespace. -func (s alertmanagerNamespaceLister) List(selector labels.Selector) (ret []*v1.Alertmanager, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Alertmanager)) - }) - return ret, err -} - -// Get retrieves the Alertmanager from the indexer for a given namespace and name. -func (s alertmanagerNamespaceLister) Get(name string) (*v1.Alertmanager, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("alertmanager"), name) - } - return obj.(*v1.Alertmanager), nil + listers.ResourceIndexer[*v1.Alertmanager] } diff --git a/pkg/client/listers/monitoring/v1/podmonitor.go b/pkg/client/listers/monitoring/v1/podmonitor.go index 101e86f6c90..83152d26185 100644 --- a/pkg/client/listers/monitoring/v1/podmonitor.go +++ b/pkg/client/listers/monitoring/v1/podmonitor.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type PodMonitorLister interface { // podMonitorLister implements the PodMonitorLister interface. type podMonitorLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.PodMonitor] } // NewPodMonitorLister returns a new PodMonitorLister. func NewPodMonitorLister(indexer cache.Indexer) PodMonitorLister { - return &podMonitorLister{indexer: indexer} -} - -// List lists all PodMonitors in the indexer. -func (s *podMonitorLister) List(selector labels.Selector) (ret []*v1.PodMonitor, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodMonitor)) - }) - return ret, err + return &podMonitorLister{listers.New[*v1.PodMonitor](indexer, v1.Resource("podmonitor"))} } // PodMonitors returns an object that can list and get PodMonitors. func (s *podMonitorLister) PodMonitors(namespace string) PodMonitorNamespaceLister { - return podMonitorNamespaceLister{indexer: s.indexer, namespace: namespace} + return podMonitorNamespaceLister{listers.NewNamespaced[*v1.PodMonitor](s.ResourceIndexer, namespace)} } // PodMonitorNamespaceLister helps list and get PodMonitors. @@ -72,26 +64,5 @@ type PodMonitorNamespaceLister interface { // podMonitorNamespaceLister implements the PodMonitorNamespaceLister // interface. type podMonitorNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodMonitors in the indexer for a given namespace. -func (s podMonitorNamespaceLister) List(selector labels.Selector) (ret []*v1.PodMonitor, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodMonitor)) - }) - return ret, err -} - -// Get retrieves the PodMonitor from the indexer for a given namespace and name. -func (s podMonitorNamespaceLister) Get(name string) (*v1.PodMonitor, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("podmonitor"), name) - } - return obj.(*v1.PodMonitor), nil + listers.ResourceIndexer[*v1.PodMonitor] } diff --git a/pkg/client/listers/monitoring/v1/probe.go b/pkg/client/listers/monitoring/v1/probe.go index 44f8ccbbad8..31153953983 100644 --- a/pkg/client/listers/monitoring/v1/probe.go +++ b/pkg/client/listers/monitoring/v1/probe.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type ProbeLister interface { // probeLister implements the ProbeLister interface. type probeLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.Probe] } // NewProbeLister returns a new ProbeLister. func NewProbeLister(indexer cache.Indexer) ProbeLister { - return &probeLister{indexer: indexer} -} - -// List lists all Probes in the indexer. -func (s *probeLister) List(selector labels.Selector) (ret []*v1.Probe, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Probe)) - }) - return ret, err + return &probeLister{listers.New[*v1.Probe](indexer, v1.Resource("probe"))} } // Probes returns an object that can list and get Probes. func (s *probeLister) Probes(namespace string) ProbeNamespaceLister { - return probeNamespaceLister{indexer: s.indexer, namespace: namespace} + return probeNamespaceLister{listers.NewNamespaced[*v1.Probe](s.ResourceIndexer, namespace)} } // ProbeNamespaceLister helps list and get Probes. @@ -72,26 +64,5 @@ type ProbeNamespaceLister interface { // probeNamespaceLister implements the ProbeNamespaceLister // interface. type probeNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Probes in the indexer for a given namespace. -func (s probeNamespaceLister) List(selector labels.Selector) (ret []*v1.Probe, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Probe)) - }) - return ret, err -} - -// Get retrieves the Probe from the indexer for a given namespace and name. -func (s probeNamespaceLister) Get(name string) (*v1.Probe, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("probe"), name) - } - return obj.(*v1.Probe), nil + listers.ResourceIndexer[*v1.Probe] } diff --git a/pkg/client/listers/monitoring/v1/prometheus.go b/pkg/client/listers/monitoring/v1/prometheus.go index 43456834094..6069fffd0e9 100644 --- a/pkg/client/listers/monitoring/v1/prometheus.go +++ b/pkg/client/listers/monitoring/v1/prometheus.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type PrometheusLister interface { // prometheusLister implements the PrometheusLister interface. type prometheusLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.Prometheus] } // NewPrometheusLister returns a new PrometheusLister. func NewPrometheusLister(indexer cache.Indexer) PrometheusLister { - return &prometheusLister{indexer: indexer} -} - -// List lists all Prometheuses in the indexer. -func (s *prometheusLister) List(selector labels.Selector) (ret []*v1.Prometheus, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Prometheus)) - }) - return ret, err + return &prometheusLister{listers.New[*v1.Prometheus](indexer, v1.Resource("prometheus"))} } // Prometheuses returns an object that can list and get Prometheuses. func (s *prometheusLister) Prometheuses(namespace string) PrometheusNamespaceLister { - return prometheusNamespaceLister{indexer: s.indexer, namespace: namespace} + return prometheusNamespaceLister{listers.NewNamespaced[*v1.Prometheus](s.ResourceIndexer, namespace)} } // PrometheusNamespaceLister helps list and get Prometheuses. @@ -72,26 +64,5 @@ type PrometheusNamespaceLister interface { // prometheusNamespaceLister implements the PrometheusNamespaceLister // interface. type prometheusNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Prometheuses in the indexer for a given namespace. -func (s prometheusNamespaceLister) List(selector labels.Selector) (ret []*v1.Prometheus, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Prometheus)) - }) - return ret, err -} - -// Get retrieves the Prometheus from the indexer for a given namespace and name. -func (s prometheusNamespaceLister) Get(name string) (*v1.Prometheus, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("prometheus"), name) - } - return obj.(*v1.Prometheus), nil + listers.ResourceIndexer[*v1.Prometheus] } diff --git a/pkg/client/listers/monitoring/v1/prometheusrule.go b/pkg/client/listers/monitoring/v1/prometheusrule.go index 403565d346d..f18debc98ae 100644 --- a/pkg/client/listers/monitoring/v1/prometheusrule.go +++ b/pkg/client/listers/monitoring/v1/prometheusrule.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type PrometheusRuleLister interface { // prometheusRuleLister implements the PrometheusRuleLister interface. type prometheusRuleLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.PrometheusRule] } // NewPrometheusRuleLister returns a new PrometheusRuleLister. func NewPrometheusRuleLister(indexer cache.Indexer) PrometheusRuleLister { - return &prometheusRuleLister{indexer: indexer} -} - -// List lists all PrometheusRules in the indexer. -func (s *prometheusRuleLister) List(selector labels.Selector) (ret []*v1.PrometheusRule, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PrometheusRule)) - }) - return ret, err + return &prometheusRuleLister{listers.New[*v1.PrometheusRule](indexer, v1.Resource("prometheusrule"))} } // PrometheusRules returns an object that can list and get PrometheusRules. func (s *prometheusRuleLister) PrometheusRules(namespace string) PrometheusRuleNamespaceLister { - return prometheusRuleNamespaceLister{indexer: s.indexer, namespace: namespace} + return prometheusRuleNamespaceLister{listers.NewNamespaced[*v1.PrometheusRule](s.ResourceIndexer, namespace)} } // PrometheusRuleNamespaceLister helps list and get PrometheusRules. @@ -72,26 +64,5 @@ type PrometheusRuleNamespaceLister interface { // prometheusRuleNamespaceLister implements the PrometheusRuleNamespaceLister // interface. type prometheusRuleNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PrometheusRules in the indexer for a given namespace. -func (s prometheusRuleNamespaceLister) List(selector labels.Selector) (ret []*v1.PrometheusRule, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PrometheusRule)) - }) - return ret, err -} - -// Get retrieves the PrometheusRule from the indexer for a given namespace and name. -func (s prometheusRuleNamespaceLister) Get(name string) (*v1.PrometheusRule, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("prometheusrule"), name) - } - return obj.(*v1.PrometheusRule), nil + listers.ResourceIndexer[*v1.PrometheusRule] } diff --git a/pkg/client/listers/monitoring/v1/servicemonitor.go b/pkg/client/listers/monitoring/v1/servicemonitor.go index 3f97dcc4d1f..3a8b6a66230 100644 --- a/pkg/client/listers/monitoring/v1/servicemonitor.go +++ b/pkg/client/listers/monitoring/v1/servicemonitor.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type ServiceMonitorLister interface { // serviceMonitorLister implements the ServiceMonitorLister interface. type serviceMonitorLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.ServiceMonitor] } // NewServiceMonitorLister returns a new ServiceMonitorLister. func NewServiceMonitorLister(indexer cache.Indexer) ServiceMonitorLister { - return &serviceMonitorLister{indexer: indexer} -} - -// List lists all ServiceMonitors in the indexer. -func (s *serviceMonitorLister) List(selector labels.Selector) (ret []*v1.ServiceMonitor, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ServiceMonitor)) - }) - return ret, err + return &serviceMonitorLister{listers.New[*v1.ServiceMonitor](indexer, v1.Resource("servicemonitor"))} } // ServiceMonitors returns an object that can list and get ServiceMonitors. func (s *serviceMonitorLister) ServiceMonitors(namespace string) ServiceMonitorNamespaceLister { - return serviceMonitorNamespaceLister{indexer: s.indexer, namespace: namespace} + return serviceMonitorNamespaceLister{listers.NewNamespaced[*v1.ServiceMonitor](s.ResourceIndexer, namespace)} } // ServiceMonitorNamespaceLister helps list and get ServiceMonitors. @@ -72,26 +64,5 @@ type ServiceMonitorNamespaceLister interface { // serviceMonitorNamespaceLister implements the ServiceMonitorNamespaceLister // interface. type serviceMonitorNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ServiceMonitors in the indexer for a given namespace. -func (s serviceMonitorNamespaceLister) List(selector labels.Selector) (ret []*v1.ServiceMonitor, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ServiceMonitor)) - }) - return ret, err -} - -// Get retrieves the ServiceMonitor from the indexer for a given namespace and name. -func (s serviceMonitorNamespaceLister) Get(name string) (*v1.ServiceMonitor, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("servicemonitor"), name) - } - return obj.(*v1.ServiceMonitor), nil + listers.ResourceIndexer[*v1.ServiceMonitor] } diff --git a/pkg/client/listers/monitoring/v1/thanosruler.go b/pkg/client/listers/monitoring/v1/thanosruler.go index 1cd3f31dd6d..d9f88cbfc08 100644 --- a/pkg/client/listers/monitoring/v1/thanosruler.go +++ b/pkg/client/listers/monitoring/v1/thanosruler.go @@ -18,8 +18,8 @@ package v1 import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type ThanosRulerLister interface { // thanosRulerLister implements the ThanosRulerLister interface. type thanosRulerLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1.ThanosRuler] } // NewThanosRulerLister returns a new ThanosRulerLister. func NewThanosRulerLister(indexer cache.Indexer) ThanosRulerLister { - return &thanosRulerLister{indexer: indexer} -} - -// List lists all ThanosRulers in the indexer. -func (s *thanosRulerLister) List(selector labels.Selector) (ret []*v1.ThanosRuler, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ThanosRuler)) - }) - return ret, err + return &thanosRulerLister{listers.New[*v1.ThanosRuler](indexer, v1.Resource("thanosruler"))} } // ThanosRulers returns an object that can list and get ThanosRulers. func (s *thanosRulerLister) ThanosRulers(namespace string) ThanosRulerNamespaceLister { - return thanosRulerNamespaceLister{indexer: s.indexer, namespace: namespace} + return thanosRulerNamespaceLister{listers.NewNamespaced[*v1.ThanosRuler](s.ResourceIndexer, namespace)} } // ThanosRulerNamespaceLister helps list and get ThanosRulers. @@ -72,26 +64,5 @@ type ThanosRulerNamespaceLister interface { // thanosRulerNamespaceLister implements the ThanosRulerNamespaceLister // interface. type thanosRulerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ThanosRulers in the indexer for a given namespace. -func (s thanosRulerNamespaceLister) List(selector labels.Selector) (ret []*v1.ThanosRuler, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ThanosRuler)) - }) - return ret, err -} - -// Get retrieves the ThanosRuler from the indexer for a given namespace and name. -func (s thanosRulerNamespaceLister) Get(name string) (*v1.ThanosRuler, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("thanosruler"), name) - } - return obj.(*v1.ThanosRuler), nil + listers.ResourceIndexer[*v1.ThanosRuler] } diff --git a/pkg/client/listers/monitoring/v1alpha1/alertmanagerconfig.go b/pkg/client/listers/monitoring/v1alpha1/alertmanagerconfig.go index bd1ee147abf..91793859da5 100644 --- a/pkg/client/listers/monitoring/v1alpha1/alertmanagerconfig.go +++ b/pkg/client/listers/monitoring/v1alpha1/alertmanagerconfig.go @@ -18,8 +18,8 @@ package v1alpha1 import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type AlertmanagerConfigLister interface { // alertmanagerConfigLister implements the AlertmanagerConfigLister interface. type alertmanagerConfigLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.AlertmanagerConfig] } // NewAlertmanagerConfigLister returns a new AlertmanagerConfigLister. func NewAlertmanagerConfigLister(indexer cache.Indexer) AlertmanagerConfigLister { - return &alertmanagerConfigLister{indexer: indexer} -} - -// List lists all AlertmanagerConfigs in the indexer. -func (s *alertmanagerConfigLister) List(selector labels.Selector) (ret []*v1alpha1.AlertmanagerConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.AlertmanagerConfig)) - }) - return ret, err + return &alertmanagerConfigLister{listers.New[*v1alpha1.AlertmanagerConfig](indexer, v1alpha1.Resource("alertmanagerconfig"))} } // AlertmanagerConfigs returns an object that can list and get AlertmanagerConfigs. func (s *alertmanagerConfigLister) AlertmanagerConfigs(namespace string) AlertmanagerConfigNamespaceLister { - return alertmanagerConfigNamespaceLister{indexer: s.indexer, namespace: namespace} + return alertmanagerConfigNamespaceLister{listers.NewNamespaced[*v1alpha1.AlertmanagerConfig](s.ResourceIndexer, namespace)} } // AlertmanagerConfigNamespaceLister helps list and get AlertmanagerConfigs. @@ -72,26 +64,5 @@ type AlertmanagerConfigNamespaceLister interface { // alertmanagerConfigNamespaceLister implements the AlertmanagerConfigNamespaceLister // interface. type alertmanagerConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all AlertmanagerConfigs in the indexer for a given namespace. -func (s alertmanagerConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.AlertmanagerConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.AlertmanagerConfig)) - }) - return ret, err -} - -// Get retrieves the AlertmanagerConfig from the indexer for a given namespace and name. -func (s alertmanagerConfigNamespaceLister) Get(name string) (*v1alpha1.AlertmanagerConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("alertmanagerconfig"), name) - } - return obj.(*v1alpha1.AlertmanagerConfig), nil + listers.ResourceIndexer[*v1alpha1.AlertmanagerConfig] } diff --git a/pkg/client/listers/monitoring/v1alpha1/prometheusagent.go b/pkg/client/listers/monitoring/v1alpha1/prometheusagent.go index e0ae30d62c1..e61072ecb72 100644 --- a/pkg/client/listers/monitoring/v1alpha1/prometheusagent.go +++ b/pkg/client/listers/monitoring/v1alpha1/prometheusagent.go @@ -18,8 +18,8 @@ package v1alpha1 import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type PrometheusAgentLister interface { // prometheusAgentLister implements the PrometheusAgentLister interface. type prometheusAgentLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.PrometheusAgent] } // NewPrometheusAgentLister returns a new PrometheusAgentLister. func NewPrometheusAgentLister(indexer cache.Indexer) PrometheusAgentLister { - return &prometheusAgentLister{indexer: indexer} -} - -// List lists all PrometheusAgents in the indexer. -func (s *prometheusAgentLister) List(selector labels.Selector) (ret []*v1alpha1.PrometheusAgent, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PrometheusAgent)) - }) - return ret, err + return &prometheusAgentLister{listers.New[*v1alpha1.PrometheusAgent](indexer, v1alpha1.Resource("prometheusagent"))} } // PrometheusAgents returns an object that can list and get PrometheusAgents. func (s *prometheusAgentLister) PrometheusAgents(namespace string) PrometheusAgentNamespaceLister { - return prometheusAgentNamespaceLister{indexer: s.indexer, namespace: namespace} + return prometheusAgentNamespaceLister{listers.NewNamespaced[*v1alpha1.PrometheusAgent](s.ResourceIndexer, namespace)} } // PrometheusAgentNamespaceLister helps list and get PrometheusAgents. @@ -72,26 +64,5 @@ type PrometheusAgentNamespaceLister interface { // prometheusAgentNamespaceLister implements the PrometheusAgentNamespaceLister // interface. type prometheusAgentNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PrometheusAgents in the indexer for a given namespace. -func (s prometheusAgentNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PrometheusAgent, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PrometheusAgent)) - }) - return ret, err -} - -// Get retrieves the PrometheusAgent from the indexer for a given namespace and name. -func (s prometheusAgentNamespaceLister) Get(name string) (*v1alpha1.PrometheusAgent, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("prometheusagent"), name) - } - return obj.(*v1alpha1.PrometheusAgent), nil + listers.ResourceIndexer[*v1alpha1.PrometheusAgent] } diff --git a/pkg/client/listers/monitoring/v1alpha1/scrapeconfig.go b/pkg/client/listers/monitoring/v1alpha1/scrapeconfig.go index fe3ad861e9c..eca505ab4a4 100644 --- a/pkg/client/listers/monitoring/v1alpha1/scrapeconfig.go +++ b/pkg/client/listers/monitoring/v1alpha1/scrapeconfig.go @@ -18,8 +18,8 @@ package v1alpha1 import ( v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type ScrapeConfigLister interface { // scrapeConfigLister implements the ScrapeConfigLister interface. type scrapeConfigLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.ScrapeConfig] } // NewScrapeConfigLister returns a new ScrapeConfigLister. func NewScrapeConfigLister(indexer cache.Indexer) ScrapeConfigLister { - return &scrapeConfigLister{indexer: indexer} -} - -// List lists all ScrapeConfigs in the indexer. -func (s *scrapeConfigLister) List(selector labels.Selector) (ret []*v1alpha1.ScrapeConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ScrapeConfig)) - }) - return ret, err + return &scrapeConfigLister{listers.New[*v1alpha1.ScrapeConfig](indexer, v1alpha1.Resource("scrapeconfig"))} } // ScrapeConfigs returns an object that can list and get ScrapeConfigs. func (s *scrapeConfigLister) ScrapeConfigs(namespace string) ScrapeConfigNamespaceLister { - return scrapeConfigNamespaceLister{indexer: s.indexer, namespace: namespace} + return scrapeConfigNamespaceLister{listers.NewNamespaced[*v1alpha1.ScrapeConfig](s.ResourceIndexer, namespace)} } // ScrapeConfigNamespaceLister helps list and get ScrapeConfigs. @@ -72,26 +64,5 @@ type ScrapeConfigNamespaceLister interface { // scrapeConfigNamespaceLister implements the ScrapeConfigNamespaceLister // interface. type scrapeConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ScrapeConfigs in the indexer for a given namespace. -func (s scrapeConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ScrapeConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ScrapeConfig)) - }) - return ret, err -} - -// Get retrieves the ScrapeConfig from the indexer for a given namespace and name. -func (s scrapeConfigNamespaceLister) Get(name string) (*v1alpha1.ScrapeConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("scrapeconfig"), name) - } - return obj.(*v1alpha1.ScrapeConfig), nil + listers.ResourceIndexer[*v1alpha1.ScrapeConfig] } diff --git a/pkg/client/listers/monitoring/v1beta1/alertmanagerconfig.go b/pkg/client/listers/monitoring/v1beta1/alertmanagerconfig.go index b446010a5f2..0d544d377c6 100644 --- a/pkg/client/listers/monitoring/v1beta1/alertmanagerconfig.go +++ b/pkg/client/listers/monitoring/v1beta1/alertmanagerconfig.go @@ -18,8 +18,8 @@ package v1beta1 import ( v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -36,25 +36,17 @@ type AlertmanagerConfigLister interface { // alertmanagerConfigLister implements the AlertmanagerConfigLister interface. type alertmanagerConfigLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1beta1.AlertmanagerConfig] } // NewAlertmanagerConfigLister returns a new AlertmanagerConfigLister. func NewAlertmanagerConfigLister(indexer cache.Indexer) AlertmanagerConfigLister { - return &alertmanagerConfigLister{indexer: indexer} -} - -// List lists all AlertmanagerConfigs in the indexer. -func (s *alertmanagerConfigLister) List(selector labels.Selector) (ret []*v1beta1.AlertmanagerConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.AlertmanagerConfig)) - }) - return ret, err + return &alertmanagerConfigLister{listers.New[*v1beta1.AlertmanagerConfig](indexer, v1beta1.Resource("alertmanagerconfig"))} } // AlertmanagerConfigs returns an object that can list and get AlertmanagerConfigs. func (s *alertmanagerConfigLister) AlertmanagerConfigs(namespace string) AlertmanagerConfigNamespaceLister { - return alertmanagerConfigNamespaceLister{indexer: s.indexer, namespace: namespace} + return alertmanagerConfigNamespaceLister{listers.NewNamespaced[*v1beta1.AlertmanagerConfig](s.ResourceIndexer, namespace)} } // AlertmanagerConfigNamespaceLister helps list and get AlertmanagerConfigs. @@ -72,26 +64,5 @@ type AlertmanagerConfigNamespaceLister interface { // alertmanagerConfigNamespaceLister implements the AlertmanagerConfigNamespaceLister // interface. type alertmanagerConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all AlertmanagerConfigs in the indexer for a given namespace. -func (s alertmanagerConfigNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.AlertmanagerConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.AlertmanagerConfig)) - }) - return ret, err -} - -// Get retrieves the AlertmanagerConfig from the indexer for a given namespace and name. -func (s alertmanagerConfigNamespaceLister) Get(name string) (*v1beta1.AlertmanagerConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("alertmanagerconfig"), name) - } - return obj.(*v1beta1.AlertmanagerConfig), nil + listers.ResourceIndexer[*v1beta1.AlertmanagerConfig] } diff --git a/pkg/client/versioned/fake/clientset_generated.go b/pkg/client/versioned/fake/clientset_generated.go index 68c9c854236..6011e19e8be 100644 --- a/pkg/client/versioned/fake/clientset_generated.go +++ b/pkg/client/versioned/fake/clientset_generated.go @@ -17,6 +17,7 @@ package fake import ( + applyconfiguration "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration" clientset "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1" fakemonitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1/fake" @@ -33,8 +34,12 @@ import ( // NewSimpleClientset returns a clientset that will respond with the provided objects. // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, -// without applying any validations and/or defaults. It shouldn't be considered a replacement +// without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// DEPRECATED: NewClientset replaces this with support for field management, which significantly improves +// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. +// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { @@ -76,6 +81,38 @@ func (c *Clientset) Tracker() testing.ObjectTracker { return c.tracker } +// NewClientset returns a clientset that will respond with the provided objects. +// It's backed by a very simple object tracker that processes creates, updates and deletions as-is, +// without applying any validations and/or defaults. It shouldn't be considered a replacement +// for a real clientset and is mostly useful in simple unit tests. +func NewClientset(objects ...runtime.Object) *Clientset { + o := testing.NewFieldManagedObjectTracker( + scheme, + codecs.UniversalDecoder(), + applyconfiguration.NewTypeConverter(scheme), + ) + for _, obj := range objects { + if err := o.Add(obj); err != nil { + panic(err) + } + } + + cs := &Clientset{tracker: o} + cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} + cs.AddReactor("*", "*", testing.ObjectReaction(o)) + cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + gvr := action.GetResource() + ns := action.GetNamespace() + watch, err := o.Watch(gvr, ns) + if err != nil { + return false, nil, err + } + return true, watch, nil + }) + + return cs +} + var ( _ clientset.Interface = &Clientset{} _ testing.FakeClient = &Clientset{} diff --git a/pkg/client/versioned/typed/monitoring/v1/alertmanager.go b/pkg/client/versioned/typed/monitoring/v1/alertmanager.go index 919b188f267..ae94a5cd272 100644 --- a/pkg/client/versioned/typed/monitoring/v1/alertmanager.go +++ b/pkg/client/versioned/typed/monitoring/v1/alertmanager.go @@ -18,17 +18,15 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" scheme "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/scheme" + autoscalingv1 "k8s.io/api/autoscaling/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // AlertmanagersGetter has a method to return a AlertmanagerInterface. @@ -41,6 +39,7 @@ type AlertmanagersGetter interface { type AlertmanagerInterface interface { Create(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.CreateOptions) (*v1.Alertmanager, error) Update(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (*v1.Alertmanager, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (*v1.Alertmanager, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error @@ -49,149 +48,56 @@ type AlertmanagerInterface interface { Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Alertmanager, err error) Apply(ctx context.Context, alertmanager *monitoringv1.AlertmanagerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.Alertmanager, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). ApplyStatus(ctx context.Context, alertmanager *monitoringv1.AlertmanagerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.Alertmanager, err error) + GetScale(ctx context.Context, alertmanagerName string, options metav1.GetOptions) (*autoscalingv1.Scale, error) + UpdateScale(ctx context.Context, alertmanagerName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (*autoscalingv1.Scale, error) + AlertmanagerExpansion } // alertmanagers implements AlertmanagerInterface type alertmanagers struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.Alertmanager, *v1.AlertmanagerList, *monitoringv1.AlertmanagerApplyConfiguration] } // newAlertmanagers returns a Alertmanagers func newAlertmanagers(c *MonitoringV1Client, namespace string) *alertmanagers { return &alertmanagers{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.Alertmanager, *v1.AlertmanagerList, *monitoringv1.AlertmanagerApplyConfiguration]( + "alertmanagers", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.Alertmanager { return &v1.Alertmanager{} }, + func() *v1.AlertmanagerList { return &v1.AlertmanagerList{} }), } } -// Get takes name of the alertmanager, and returns the corresponding alertmanager object, and an error if there is any. -func (c *alertmanagers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Alertmanager, err error) { - result = &v1.Alertmanager{} - err = c.client.Get(). - Namespace(c.ns). +// GetScale takes name of the alertmanager, and returns the corresponding autoscalingv1.Scale object, and an error if there is any. +func (c *alertmanagers) GetScale(ctx context.Context, alertmanagerName string, options metav1.GetOptions) (result *autoscalingv1.Scale, err error) { + result = &autoscalingv1.Scale{} + err = c.GetClient().Get(). + Namespace(c.GetNamespace()). Resource("alertmanagers"). - Name(name). + Name(alertmanagerName). + SubResource("scale"). VersionedParams(&options, scheme.ParameterCodec). Do(ctx). Into(result) return } -// List takes label and field selectors, and returns the list of Alertmanagers that match those selectors. -func (c *alertmanagers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AlertmanagerList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.AlertmanagerList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("alertmanagers"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested alertmanagers. -func (c *alertmanagers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("alertmanagers"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a alertmanager and creates it. Returns the server's representation of the alertmanager, and an error, if there is any. -func (c *alertmanagers) Create(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.CreateOptions) (result *v1.Alertmanager, err error) { - result = &v1.Alertmanager{} - err = c.client.Post(). - Namespace(c.ns). - Resource("alertmanagers"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanager). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a alertmanager and updates it. Returns the server's representation of the alertmanager, and an error, if there is any. -func (c *alertmanagers) Update(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (result *v1.Alertmanager, err error) { - result = &v1.Alertmanager{} - err = c.client.Put(). - Namespace(c.ns). - Resource("alertmanagers"). - Name(alertmanager.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanager). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *alertmanagers) UpdateStatus(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (result *v1.Alertmanager, err error) { - result = &v1.Alertmanager{} - err = c.client.Put(). - Namespace(c.ns). - Resource("alertmanagers"). - Name(alertmanager.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanager). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the alertmanager and deletes it. Returns an error if one occurs. -func (c *alertmanagers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("alertmanagers"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *alertmanagers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). +// UpdateScale takes the top resource name and the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. +func (c *alertmanagers) UpdateScale(ctx context.Context, alertmanagerName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (result *autoscalingv1.Scale, err error) { + result = &autoscalingv1.Scale{} + err = c.GetClient().Put(). + Namespace(c.GetNamespace()). Resource("alertmanagers"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched alertmanager. -func (c *alertmanagers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Alertmanager, err error) { - result = &v1.Alertmanager{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("alertmanagers"). - Name(name). - SubResource(subresources...). + Name(alertmanagerName). + SubResource("scale"). VersionedParams(&opts, scheme.ParameterCodec). - Body(data). + Body(scale). Do(ctx). Into(result) return diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_alertmanager.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_alertmanager.go index 241da68cefe..443c07abce4 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_alertmanager.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_alertmanager.go @@ -23,6 +23,7 @@ import ( v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" + autoscalingv1 "k8s.io/api/autoscaling/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" types "k8s.io/apimachinery/pkg/types" @@ -42,22 +43,24 @@ var alertmanagersKind = v1.SchemeGroupVersion.WithKind("Alertmanager") // Get takes name of the alertmanager, and returns the corresponding alertmanager object, and an error if there is any. func (c *FakeAlertmanagers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Alertmanager, err error) { + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewGetAction(alertmanagersResource, c.ns, name), &v1.Alertmanager{}) + Invokes(testing.NewGetActionWithOptions(alertmanagersResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } // List takes label and field selectors, and returns the list of Alertmanagers that match those selectors. func (c *FakeAlertmanagers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AlertmanagerList, err error) { + emptyResult := &v1.AlertmanagerList{} obj, err := c.Fake. - Invokes(testing.NewListAction(alertmanagersResource, alertmanagersKind, c.ns, opts), &v1.AlertmanagerList{}) + Invokes(testing.NewListActionWithOptions(alertmanagersResource, alertmanagersKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,40 +79,43 @@ func (c *FakeAlertmanagers) List(ctx context.Context, opts metav1.ListOptions) ( // Watch returns a watch.Interface that watches the requested alertmanagers. func (c *FakeAlertmanagers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(alertmanagersResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(alertmanagersResource, c.ns, opts)) } // Create takes the representation of a alertmanager and creates it. Returns the server's representation of the alertmanager, and an error, if there is any. func (c *FakeAlertmanagers) Create(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.CreateOptions) (result *v1.Alertmanager, err error) { + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(alertmanagersResource, c.ns, alertmanager), &v1.Alertmanager{}) + Invokes(testing.NewCreateActionWithOptions(alertmanagersResource, c.ns, alertmanager, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } // Update takes the representation of a alertmanager and updates it. Returns the server's representation of the alertmanager, and an error, if there is any. func (c *FakeAlertmanagers) Update(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (result *v1.Alertmanager, err error) { + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(alertmanagersResource, c.ns, alertmanager), &v1.Alertmanager{}) + Invokes(testing.NewUpdateActionWithOptions(alertmanagersResource, c.ns, alertmanager, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeAlertmanagers) UpdateStatus(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (*v1.Alertmanager, error) { +func (c *FakeAlertmanagers) UpdateStatus(ctx context.Context, alertmanager *v1.Alertmanager, opts metav1.UpdateOptions) (result *v1.Alertmanager, err error) { + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(alertmanagersResource, "status", c.ns, alertmanager), &v1.Alertmanager{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(alertmanagersResource, "status", c.ns, alertmanager, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } @@ -124,7 +130,7 @@ func (c *FakeAlertmanagers) Delete(ctx context.Context, name string, opts metav1 // DeleteCollection deletes a collection of objects. func (c *FakeAlertmanagers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(alertmanagersResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(alertmanagersResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.AlertmanagerList{}) return err @@ -132,11 +138,12 @@ func (c *FakeAlertmanagers) DeleteCollection(ctx context.Context, opts metav1.De // Patch applies the patch and returns the patched alertmanager. func (c *FakeAlertmanagers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Alertmanager, err error) { + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagersResource, c.ns, name, pt, data, subresources...), &v1.Alertmanager{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagersResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } @@ -154,11 +161,12 @@ func (c *FakeAlertmanagers) Apply(ctx context.Context, alertmanager *monitoringv if name == nil { return nil, fmt.Errorf("alertmanager.Name must be provided to Apply") } + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagersResource, c.ns, *name, types.ApplyPatchType, data), &v1.Alertmanager{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagersResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } @@ -177,11 +185,36 @@ func (c *FakeAlertmanagers) ApplyStatus(ctx context.Context, alertmanager *monit if name == nil { return nil, fmt.Errorf("alertmanager.Name must be provided to Apply") } + emptyResult := &v1.Alertmanager{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagersResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1.Alertmanager{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagersResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions(), "status"), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Alertmanager), err } + +// GetScale takes name of the alertmanager, and returns the corresponding scale object, and an error if there is any. +func (c *FakeAlertmanagers) GetScale(ctx context.Context, alertmanagerName string, options metav1.GetOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} + obj, err := c.Fake. + Invokes(testing.NewGetSubresourceActionWithOptions(alertmanagersResource, c.ns, "scale", alertmanagerName, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*autoscalingv1.Scale), err +} + +// UpdateScale takes the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. +func (c *FakeAlertmanagers) UpdateScale(ctx context.Context, alertmanagerName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(alertmanagersResource, "scale", c.ns, scale, opts), &autoscalingv1.Scale{}) + + if obj == nil { + return emptyResult, err + } + return obj.(*autoscalingv1.Scale), err +} diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_podmonitor.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_podmonitor.go index edd7a2b71f1..9e32c899311 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_podmonitor.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_podmonitor.go @@ -42,22 +42,24 @@ var podmonitorsKind = v1.SchemeGroupVersion.WithKind("PodMonitor") // Get takes name of the podMonitor, and returns the corresponding podMonitor object, and an error if there is any. func (c *FakePodMonitors) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PodMonitor, err error) { + emptyResult := &v1.PodMonitor{} obj, err := c.Fake. - Invokes(testing.NewGetAction(podmonitorsResource, c.ns, name), &v1.PodMonitor{}) + Invokes(testing.NewGetActionWithOptions(podmonitorsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PodMonitor), err } // List takes label and field selectors, and returns the list of PodMonitors that match those selectors. func (c *FakePodMonitors) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PodMonitorList, err error) { + emptyResult := &v1.PodMonitorList{} obj, err := c.Fake. - Invokes(testing.NewListAction(podmonitorsResource, podmonitorsKind, c.ns, opts), &v1.PodMonitorList{}) + Invokes(testing.NewListActionWithOptions(podmonitorsResource, podmonitorsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakePodMonitors) List(ctx context.Context, opts metav1.ListOptions) (re // Watch returns a watch.Interface that watches the requested podMonitors. func (c *FakePodMonitors) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(podmonitorsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(podmonitorsResource, c.ns, opts)) } // Create takes the representation of a podMonitor and creates it. Returns the server's representation of the podMonitor, and an error, if there is any. func (c *FakePodMonitors) Create(ctx context.Context, podMonitor *v1.PodMonitor, opts metav1.CreateOptions) (result *v1.PodMonitor, err error) { + emptyResult := &v1.PodMonitor{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(podmonitorsResource, c.ns, podMonitor), &v1.PodMonitor{}) + Invokes(testing.NewCreateActionWithOptions(podmonitorsResource, c.ns, podMonitor, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PodMonitor), err } // Update takes the representation of a podMonitor and updates it. Returns the server's representation of the podMonitor, and an error, if there is any. func (c *FakePodMonitors) Update(ctx context.Context, podMonitor *v1.PodMonitor, opts metav1.UpdateOptions) (result *v1.PodMonitor, err error) { + emptyResult := &v1.PodMonitor{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(podmonitorsResource, c.ns, podMonitor), &v1.PodMonitor{}) + Invokes(testing.NewUpdateActionWithOptions(podmonitorsResource, c.ns, podMonitor, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PodMonitor), err } @@ -112,7 +116,7 @@ func (c *FakePodMonitors) Delete(ctx context.Context, name string, opts metav1.D // DeleteCollection deletes a collection of objects. func (c *FakePodMonitors) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(podmonitorsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(podmonitorsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.PodMonitorList{}) return err @@ -120,11 +124,12 @@ func (c *FakePodMonitors) DeleteCollection(ctx context.Context, opts metav1.Dele // Patch applies the patch and returns the patched podMonitor. func (c *FakePodMonitors) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PodMonitor, err error) { + emptyResult := &v1.PodMonitor{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(podmonitorsResource, c.ns, name, pt, data, subresources...), &v1.PodMonitor{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(podmonitorsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PodMonitor), err } @@ -142,11 +147,12 @@ func (c *FakePodMonitors) Apply(ctx context.Context, podMonitor *monitoringv1.Po if name == nil { return nil, fmt.Errorf("podMonitor.Name must be provided to Apply") } + emptyResult := &v1.PodMonitor{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(podmonitorsResource, c.ns, *name, types.ApplyPatchType, data), &v1.PodMonitor{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(podmonitorsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PodMonitor), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_probe.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_probe.go index 449e81ce1bc..e9ac050032c 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_probe.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_probe.go @@ -42,22 +42,24 @@ var probesKind = v1.SchemeGroupVersion.WithKind("Probe") // Get takes name of the probe, and returns the corresponding probe object, and an error if there is any. func (c *FakeProbes) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Probe, err error) { + emptyResult := &v1.Probe{} obj, err := c.Fake. - Invokes(testing.NewGetAction(probesResource, c.ns, name), &v1.Probe{}) + Invokes(testing.NewGetActionWithOptions(probesResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Probe), err } // List takes label and field selectors, and returns the list of Probes that match those selectors. func (c *FakeProbes) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ProbeList, err error) { + emptyResult := &v1.ProbeList{} obj, err := c.Fake. - Invokes(testing.NewListAction(probesResource, probesKind, c.ns, opts), &v1.ProbeList{}) + Invokes(testing.NewListActionWithOptions(probesResource, probesKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakeProbes) List(ctx context.Context, opts metav1.ListOptions) (result // Watch returns a watch.Interface that watches the requested probes. func (c *FakeProbes) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(probesResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(probesResource, c.ns, opts)) } // Create takes the representation of a probe and creates it. Returns the server's representation of the probe, and an error, if there is any. func (c *FakeProbes) Create(ctx context.Context, probe *v1.Probe, opts metav1.CreateOptions) (result *v1.Probe, err error) { + emptyResult := &v1.Probe{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(probesResource, c.ns, probe), &v1.Probe{}) + Invokes(testing.NewCreateActionWithOptions(probesResource, c.ns, probe, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Probe), err } // Update takes the representation of a probe and updates it. Returns the server's representation of the probe, and an error, if there is any. func (c *FakeProbes) Update(ctx context.Context, probe *v1.Probe, opts metav1.UpdateOptions) (result *v1.Probe, err error) { + emptyResult := &v1.Probe{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(probesResource, c.ns, probe), &v1.Probe{}) + Invokes(testing.NewUpdateActionWithOptions(probesResource, c.ns, probe, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Probe), err } @@ -112,7 +116,7 @@ func (c *FakeProbes) Delete(ctx context.Context, name string, opts metav1.Delete // DeleteCollection deletes a collection of objects. func (c *FakeProbes) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(probesResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(probesResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.ProbeList{}) return err @@ -120,11 +124,12 @@ func (c *FakeProbes) DeleteCollection(ctx context.Context, opts metav1.DeleteOpt // Patch applies the patch and returns the patched probe. func (c *FakeProbes) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Probe, err error) { + emptyResult := &v1.Probe{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(probesResource, c.ns, name, pt, data, subresources...), &v1.Probe{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(probesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Probe), err } @@ -142,11 +147,12 @@ func (c *FakeProbes) Apply(ctx context.Context, probe *monitoringv1.ProbeApplyCo if name == nil { return nil, fmt.Errorf("probe.Name must be provided to Apply") } + emptyResult := &v1.Probe{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(probesResource, c.ns, *name, types.ApplyPatchType, data), &v1.Probe{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(probesResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Probe), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheus.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheus.go index 5300d5731ba..2da8d37296f 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheus.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheus.go @@ -43,22 +43,24 @@ var prometheusesKind = v1.SchemeGroupVersion.WithKind("Prometheus") // Get takes name of the prometheus, and returns the corresponding prometheus object, and an error if there is any. func (c *FakePrometheuses) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Prometheus, err error) { + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewGetAction(prometheusesResource, c.ns, name), &v1.Prometheus{}) + Invokes(testing.NewGetActionWithOptions(prometheusesResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } // List takes label and field selectors, and returns the list of Prometheuses that match those selectors. func (c *FakePrometheuses) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PrometheusList, err error) { + emptyResult := &v1.PrometheusList{} obj, err := c.Fake. - Invokes(testing.NewListAction(prometheusesResource, prometheusesKind, c.ns, opts), &v1.PrometheusList{}) + Invokes(testing.NewListActionWithOptions(prometheusesResource, prometheusesKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -77,40 +79,43 @@ func (c *FakePrometheuses) List(ctx context.Context, opts metav1.ListOptions) (r // Watch returns a watch.Interface that watches the requested prometheuses. func (c *FakePrometheuses) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(prometheusesResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(prometheusesResource, c.ns, opts)) } // Create takes the representation of a prometheus and creates it. Returns the server's representation of the prometheus, and an error, if there is any. func (c *FakePrometheuses) Create(ctx context.Context, prometheus *v1.Prometheus, opts metav1.CreateOptions) (result *v1.Prometheus, err error) { + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(prometheusesResource, c.ns, prometheus), &v1.Prometheus{}) + Invokes(testing.NewCreateActionWithOptions(prometheusesResource, c.ns, prometheus, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } // Update takes the representation of a prometheus and updates it. Returns the server's representation of the prometheus, and an error, if there is any. func (c *FakePrometheuses) Update(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (result *v1.Prometheus, err error) { + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(prometheusesResource, c.ns, prometheus), &v1.Prometheus{}) + Invokes(testing.NewUpdateActionWithOptions(prometheusesResource, c.ns, prometheus, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePrometheuses) UpdateStatus(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (*v1.Prometheus, error) { +func (c *FakePrometheuses) UpdateStatus(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (result *v1.Prometheus, err error) { + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(prometheusesResource, "status", c.ns, prometheus), &v1.Prometheus{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(prometheusesResource, "status", c.ns, prometheus, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } @@ -125,7 +130,7 @@ func (c *FakePrometheuses) Delete(ctx context.Context, name string, opts metav1. // DeleteCollection deletes a collection of objects. func (c *FakePrometheuses) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(prometheusesResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(prometheusesResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.PrometheusList{}) return err @@ -133,11 +138,12 @@ func (c *FakePrometheuses) DeleteCollection(ctx context.Context, opts metav1.Del // Patch applies the patch and returns the patched prometheus. func (c *FakePrometheuses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Prometheus, err error) { + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusesResource, c.ns, name, pt, data, subresources...), &v1.Prometheus{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } @@ -155,11 +161,12 @@ func (c *FakePrometheuses) Apply(ctx context.Context, prometheus *monitoringv1.P if name == nil { return nil, fmt.Errorf("prometheus.Name must be provided to Apply") } + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusesResource, c.ns, *name, types.ApplyPatchType, data), &v1.Prometheus{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusesResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } @@ -178,33 +185,36 @@ func (c *FakePrometheuses) ApplyStatus(ctx context.Context, prometheus *monitori if name == nil { return nil, fmt.Errorf("prometheus.Name must be provided to Apply") } + emptyResult := &v1.Prometheus{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusesResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1.Prometheus{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusesResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions(), "status"), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.Prometheus), err } // GetScale takes name of the prometheus, and returns the corresponding scale object, and an error if there is any. func (c *FakePrometheuses) GetScale(ctx context.Context, prometheusName string, options metav1.GetOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} obj, err := c.Fake. - Invokes(testing.NewGetSubresourceAction(prometheusesResource, c.ns, "scale", prometheusName), &autoscalingv1.Scale{}) + Invokes(testing.NewGetSubresourceActionWithOptions(prometheusesResource, c.ns, "scale", prometheusName, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*autoscalingv1.Scale), err } // UpdateScale takes the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. func (c *FakePrometheuses) UpdateScale(ctx context.Context, prometheusName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(prometheusesResource, "scale", c.ns, scale), &autoscalingv1.Scale{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(prometheusesResource, "scale", c.ns, scale, opts), &autoscalingv1.Scale{}) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*autoscalingv1.Scale), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheusrule.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheusrule.go index 15ba1969a18..562cf48fdec 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheusrule.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_prometheusrule.go @@ -42,22 +42,24 @@ var prometheusrulesKind = v1.SchemeGroupVersion.WithKind("PrometheusRule") // Get takes name of the prometheusRule, and returns the corresponding prometheusRule object, and an error if there is any. func (c *FakePrometheusRules) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PrometheusRule, err error) { + emptyResult := &v1.PrometheusRule{} obj, err := c.Fake. - Invokes(testing.NewGetAction(prometheusrulesResource, c.ns, name), &v1.PrometheusRule{}) + Invokes(testing.NewGetActionWithOptions(prometheusrulesResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PrometheusRule), err } // List takes label and field selectors, and returns the list of PrometheusRules that match those selectors. func (c *FakePrometheusRules) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PrometheusRuleList, err error) { + emptyResult := &v1.PrometheusRuleList{} obj, err := c.Fake. - Invokes(testing.NewListAction(prometheusrulesResource, prometheusrulesKind, c.ns, opts), &v1.PrometheusRuleList{}) + Invokes(testing.NewListActionWithOptions(prometheusrulesResource, prometheusrulesKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakePrometheusRules) List(ctx context.Context, opts metav1.ListOptions) // Watch returns a watch.Interface that watches the requested prometheusRules. func (c *FakePrometheusRules) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(prometheusrulesResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(prometheusrulesResource, c.ns, opts)) } // Create takes the representation of a prometheusRule and creates it. Returns the server's representation of the prometheusRule, and an error, if there is any. func (c *FakePrometheusRules) Create(ctx context.Context, prometheusRule *v1.PrometheusRule, opts metav1.CreateOptions) (result *v1.PrometheusRule, err error) { + emptyResult := &v1.PrometheusRule{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(prometheusrulesResource, c.ns, prometheusRule), &v1.PrometheusRule{}) + Invokes(testing.NewCreateActionWithOptions(prometheusrulesResource, c.ns, prometheusRule, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PrometheusRule), err } // Update takes the representation of a prometheusRule and updates it. Returns the server's representation of the prometheusRule, and an error, if there is any. func (c *FakePrometheusRules) Update(ctx context.Context, prometheusRule *v1.PrometheusRule, opts metav1.UpdateOptions) (result *v1.PrometheusRule, err error) { + emptyResult := &v1.PrometheusRule{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(prometheusrulesResource, c.ns, prometheusRule), &v1.PrometheusRule{}) + Invokes(testing.NewUpdateActionWithOptions(prometheusrulesResource, c.ns, prometheusRule, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PrometheusRule), err } @@ -112,7 +116,7 @@ func (c *FakePrometheusRules) Delete(ctx context.Context, name string, opts meta // DeleteCollection deletes a collection of objects. func (c *FakePrometheusRules) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(prometheusrulesResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(prometheusrulesResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.PrometheusRuleList{}) return err @@ -120,11 +124,12 @@ func (c *FakePrometheusRules) DeleteCollection(ctx context.Context, opts metav1. // Patch applies the patch and returns the patched prometheusRule. func (c *FakePrometheusRules) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PrometheusRule, err error) { + emptyResult := &v1.PrometheusRule{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusrulesResource, c.ns, name, pt, data, subresources...), &v1.PrometheusRule{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusrulesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PrometheusRule), err } @@ -142,11 +147,12 @@ func (c *FakePrometheusRules) Apply(ctx context.Context, prometheusRule *monitor if name == nil { return nil, fmt.Errorf("prometheusRule.Name must be provided to Apply") } + emptyResult := &v1.PrometheusRule{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusrulesResource, c.ns, *name, types.ApplyPatchType, data), &v1.PrometheusRule{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusrulesResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.PrometheusRule), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_servicemonitor.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_servicemonitor.go index 9bfd47677bb..31ae26a6003 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_servicemonitor.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_servicemonitor.go @@ -42,22 +42,24 @@ var servicemonitorsKind = v1.SchemeGroupVersion.WithKind("ServiceMonitor") // Get takes name of the serviceMonitor, and returns the corresponding serviceMonitor object, and an error if there is any. func (c *FakeServiceMonitors) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ServiceMonitor, err error) { + emptyResult := &v1.ServiceMonitor{} obj, err := c.Fake. - Invokes(testing.NewGetAction(servicemonitorsResource, c.ns, name), &v1.ServiceMonitor{}) + Invokes(testing.NewGetActionWithOptions(servicemonitorsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ServiceMonitor), err } // List takes label and field selectors, and returns the list of ServiceMonitors that match those selectors. func (c *FakeServiceMonitors) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ServiceMonitorList, err error) { + emptyResult := &v1.ServiceMonitorList{} obj, err := c.Fake. - Invokes(testing.NewListAction(servicemonitorsResource, servicemonitorsKind, c.ns, opts), &v1.ServiceMonitorList{}) + Invokes(testing.NewListActionWithOptions(servicemonitorsResource, servicemonitorsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakeServiceMonitors) List(ctx context.Context, opts metav1.ListOptions) // Watch returns a watch.Interface that watches the requested serviceMonitors. func (c *FakeServiceMonitors) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(servicemonitorsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(servicemonitorsResource, c.ns, opts)) } // Create takes the representation of a serviceMonitor and creates it. Returns the server's representation of the serviceMonitor, and an error, if there is any. func (c *FakeServiceMonitors) Create(ctx context.Context, serviceMonitor *v1.ServiceMonitor, opts metav1.CreateOptions) (result *v1.ServiceMonitor, err error) { + emptyResult := &v1.ServiceMonitor{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(servicemonitorsResource, c.ns, serviceMonitor), &v1.ServiceMonitor{}) + Invokes(testing.NewCreateActionWithOptions(servicemonitorsResource, c.ns, serviceMonitor, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ServiceMonitor), err } // Update takes the representation of a serviceMonitor and updates it. Returns the server's representation of the serviceMonitor, and an error, if there is any. func (c *FakeServiceMonitors) Update(ctx context.Context, serviceMonitor *v1.ServiceMonitor, opts metav1.UpdateOptions) (result *v1.ServiceMonitor, err error) { + emptyResult := &v1.ServiceMonitor{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(servicemonitorsResource, c.ns, serviceMonitor), &v1.ServiceMonitor{}) + Invokes(testing.NewUpdateActionWithOptions(servicemonitorsResource, c.ns, serviceMonitor, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ServiceMonitor), err } @@ -112,7 +116,7 @@ func (c *FakeServiceMonitors) Delete(ctx context.Context, name string, opts meta // DeleteCollection deletes a collection of objects. func (c *FakeServiceMonitors) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(servicemonitorsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(servicemonitorsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.ServiceMonitorList{}) return err @@ -120,11 +124,12 @@ func (c *FakeServiceMonitors) DeleteCollection(ctx context.Context, opts metav1. // Patch applies the patch and returns the patched serviceMonitor. func (c *FakeServiceMonitors) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ServiceMonitor, err error) { + emptyResult := &v1.ServiceMonitor{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(servicemonitorsResource, c.ns, name, pt, data, subresources...), &v1.ServiceMonitor{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(servicemonitorsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ServiceMonitor), err } @@ -142,11 +147,12 @@ func (c *FakeServiceMonitors) Apply(ctx context.Context, serviceMonitor *monitor if name == nil { return nil, fmt.Errorf("serviceMonitor.Name must be provided to Apply") } + emptyResult := &v1.ServiceMonitor{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(servicemonitorsResource, c.ns, *name, types.ApplyPatchType, data), &v1.ServiceMonitor{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(servicemonitorsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ServiceMonitor), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/fake/fake_thanosruler.go b/pkg/client/versioned/typed/monitoring/v1/fake/fake_thanosruler.go index aba5539cb09..dc7624a14d2 100644 --- a/pkg/client/versioned/typed/monitoring/v1/fake/fake_thanosruler.go +++ b/pkg/client/versioned/typed/monitoring/v1/fake/fake_thanosruler.go @@ -42,22 +42,24 @@ var thanosrulersKind = v1.SchemeGroupVersion.WithKind("ThanosRuler") // Get takes name of the thanosRuler, and returns the corresponding thanosRuler object, and an error if there is any. func (c *FakeThanosRulers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ThanosRuler, err error) { + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewGetAction(thanosrulersResource, c.ns, name), &v1.ThanosRuler{}) + Invokes(testing.NewGetActionWithOptions(thanosrulersResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } // List takes label and field selectors, and returns the list of ThanosRulers that match those selectors. func (c *FakeThanosRulers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ThanosRulerList, err error) { + emptyResult := &v1.ThanosRulerList{} obj, err := c.Fake. - Invokes(testing.NewListAction(thanosrulersResource, thanosrulersKind, c.ns, opts), &v1.ThanosRulerList{}) + Invokes(testing.NewListActionWithOptions(thanosrulersResource, thanosrulersKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,40 +78,43 @@ func (c *FakeThanosRulers) List(ctx context.Context, opts metav1.ListOptions) (r // Watch returns a watch.Interface that watches the requested thanosRulers. func (c *FakeThanosRulers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(thanosrulersResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(thanosrulersResource, c.ns, opts)) } // Create takes the representation of a thanosRuler and creates it. Returns the server's representation of the thanosRuler, and an error, if there is any. func (c *FakeThanosRulers) Create(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.CreateOptions) (result *v1.ThanosRuler, err error) { + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(thanosrulersResource, c.ns, thanosRuler), &v1.ThanosRuler{}) + Invokes(testing.NewCreateActionWithOptions(thanosrulersResource, c.ns, thanosRuler, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } // Update takes the representation of a thanosRuler and updates it. Returns the server's representation of the thanosRuler, and an error, if there is any. func (c *FakeThanosRulers) Update(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (result *v1.ThanosRuler, err error) { + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(thanosrulersResource, c.ns, thanosRuler), &v1.ThanosRuler{}) + Invokes(testing.NewUpdateActionWithOptions(thanosrulersResource, c.ns, thanosRuler, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeThanosRulers) UpdateStatus(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (*v1.ThanosRuler, error) { +func (c *FakeThanosRulers) UpdateStatus(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (result *v1.ThanosRuler, err error) { + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(thanosrulersResource, "status", c.ns, thanosRuler), &v1.ThanosRuler{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(thanosrulersResource, "status", c.ns, thanosRuler, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } @@ -124,7 +129,7 @@ func (c *FakeThanosRulers) Delete(ctx context.Context, name string, opts metav1. // DeleteCollection deletes a collection of objects. func (c *FakeThanosRulers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionAction(thanosrulersResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(thanosrulersResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1.ThanosRulerList{}) return err @@ -132,11 +137,12 @@ func (c *FakeThanosRulers) DeleteCollection(ctx context.Context, opts metav1.Del // Patch applies the patch and returns the patched thanosRuler. func (c *FakeThanosRulers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ThanosRuler, err error) { + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(thanosrulersResource, c.ns, name, pt, data, subresources...), &v1.ThanosRuler{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(thanosrulersResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } @@ -154,11 +160,12 @@ func (c *FakeThanosRulers) Apply(ctx context.Context, thanosRuler *monitoringv1. if name == nil { return nil, fmt.Errorf("thanosRuler.Name must be provided to Apply") } + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(thanosrulersResource, c.ns, *name, types.ApplyPatchType, data), &v1.ThanosRuler{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(thanosrulersResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } @@ -177,11 +184,12 @@ func (c *FakeThanosRulers) ApplyStatus(ctx context.Context, thanosRuler *monitor if name == nil { return nil, fmt.Errorf("thanosRuler.Name must be provided to Apply") } + emptyResult := &v1.ThanosRuler{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(thanosrulersResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1.ThanosRuler{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(thanosrulersResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions(), "status"), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1.ThanosRuler), err } diff --git a/pkg/client/versioned/typed/monitoring/v1/podmonitor.go b/pkg/client/versioned/typed/monitoring/v1/podmonitor.go index 34a3fdc1132..a81f75c5772 100644 --- a/pkg/client/versioned/typed/monitoring/v1/podmonitor.go +++ b/pkg/client/versioned/typed/monitoring/v1/podmonitor.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -28,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PodMonitorsGetter has a method to return a PodMonitorInterface. @@ -53,154 +50,18 @@ type PodMonitorInterface interface { // podMonitors implements PodMonitorInterface type podMonitors struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.PodMonitor, *v1.PodMonitorList, *monitoringv1.PodMonitorApplyConfiguration] } // newPodMonitors returns a PodMonitors func newPodMonitors(c *MonitoringV1Client, namespace string) *podMonitors { return &podMonitors{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.PodMonitor, *v1.PodMonitorList, *monitoringv1.PodMonitorApplyConfiguration]( + "podmonitors", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.PodMonitor { return &v1.PodMonitor{} }, + func() *v1.PodMonitorList { return &v1.PodMonitorList{} }), } } - -// Get takes name of the podMonitor, and returns the corresponding podMonitor object, and an error if there is any. -func (c *podMonitors) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PodMonitor, err error) { - result = &v1.PodMonitor{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podmonitors"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PodMonitors that match those selectors. -func (c *podMonitors) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PodMonitorList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.PodMonitorList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podmonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested podMonitors. -func (c *podMonitors) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("podmonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a podMonitor and creates it. Returns the server's representation of the podMonitor, and an error, if there is any. -func (c *podMonitors) Create(ctx context.Context, podMonitor *v1.PodMonitor, opts metav1.CreateOptions) (result *v1.PodMonitor, err error) { - result = &v1.PodMonitor{} - err = c.client.Post(). - Namespace(c.ns). - Resource("podmonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podMonitor). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a podMonitor and updates it. Returns the server's representation of the podMonitor, and an error, if there is any. -func (c *podMonitors) Update(ctx context.Context, podMonitor *v1.PodMonitor, opts metav1.UpdateOptions) (result *v1.PodMonitor, err error) { - result = &v1.PodMonitor{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podmonitors"). - Name(podMonitor.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podMonitor). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the podMonitor and deletes it. Returns an error if one occurs. -func (c *podMonitors) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("podmonitors"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *podMonitors) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("podmonitors"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched podMonitor. -func (c *podMonitors) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PodMonitor, err error) { - result = &v1.PodMonitor{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("podmonitors"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied podMonitor. -func (c *podMonitors) Apply(ctx context.Context, podMonitor *monitoringv1.PodMonitorApplyConfiguration, opts metav1.ApplyOptions) (result *v1.PodMonitor, err error) { - if podMonitor == nil { - return nil, fmt.Errorf("podMonitor provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(podMonitor) - if err != nil { - return nil, err - } - name := podMonitor.Name - if name == nil { - return nil, fmt.Errorf("podMonitor.Name must be provided to Apply") - } - result = &v1.PodMonitor{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("podmonitors"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1/probe.go b/pkg/client/versioned/typed/monitoring/v1/probe.go index 96e0e434dee..f6a0303e7f3 100644 --- a/pkg/client/versioned/typed/monitoring/v1/probe.go +++ b/pkg/client/versioned/typed/monitoring/v1/probe.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -28,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // ProbesGetter has a method to return a ProbeInterface. @@ -53,154 +50,18 @@ type ProbeInterface interface { // probes implements ProbeInterface type probes struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.Probe, *v1.ProbeList, *monitoringv1.ProbeApplyConfiguration] } // newProbes returns a Probes func newProbes(c *MonitoringV1Client, namespace string) *probes { return &probes{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.Probe, *v1.ProbeList, *monitoringv1.ProbeApplyConfiguration]( + "probes", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.Probe { return &v1.Probe{} }, + func() *v1.ProbeList { return &v1.ProbeList{} }), } } - -// Get takes name of the probe, and returns the corresponding probe object, and an error if there is any. -func (c *probes) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Probe, err error) { - result = &v1.Probe{} - err = c.client.Get(). - Namespace(c.ns). - Resource("probes"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of Probes that match those selectors. -func (c *probes) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ProbeList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.ProbeList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("probes"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested probes. -func (c *probes) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("probes"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a probe and creates it. Returns the server's representation of the probe, and an error, if there is any. -func (c *probes) Create(ctx context.Context, probe *v1.Probe, opts metav1.CreateOptions) (result *v1.Probe, err error) { - result = &v1.Probe{} - err = c.client.Post(). - Namespace(c.ns). - Resource("probes"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(probe). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a probe and updates it. Returns the server's representation of the probe, and an error, if there is any. -func (c *probes) Update(ctx context.Context, probe *v1.Probe, opts metav1.UpdateOptions) (result *v1.Probe, err error) { - result = &v1.Probe{} - err = c.client.Put(). - Namespace(c.ns). - Resource("probes"). - Name(probe.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(probe). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the probe and deletes it. Returns an error if one occurs. -func (c *probes) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("probes"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *probes) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("probes"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched probe. -func (c *probes) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Probe, err error) { - result = &v1.Probe{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("probes"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied probe. -func (c *probes) Apply(ctx context.Context, probe *monitoringv1.ProbeApplyConfiguration, opts metav1.ApplyOptions) (result *v1.Probe, err error) { - if probe == nil { - return nil, fmt.Errorf("probe provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(probe) - if err != nil { - return nil, err - } - name := probe.Name - if name == nil { - return nil, fmt.Errorf("probe.Name must be provided to Apply") - } - result = &v1.Probe{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("probes"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1/prometheus.go b/pkg/client/versioned/typed/monitoring/v1/prometheus.go index c1bdeb6bfe9..7901cc69f9a 100644 --- a/pkg/client/versioned/typed/monitoring/v1/prometheus.go +++ b/pkg/client/versioned/typed/monitoring/v1/prometheus.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -29,7 +26,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PrometheusesGetter has a method to return a PrometheusInterface. @@ -42,6 +39,7 @@ type PrometheusesGetter interface { type PrometheusInterface interface { Create(ctx context.Context, prometheus *v1.Prometheus, opts metav1.CreateOptions) (*v1.Prometheus, error) Update(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (*v1.Prometheus, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (*v1.Prometheus, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error @@ -50,6 +48,7 @@ type PrometheusInterface interface { Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Prometheus, err error) Apply(ctx context.Context, prometheus *monitoringv1.PrometheusApplyConfiguration, opts metav1.ApplyOptions) (result *v1.Prometheus, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). ApplyStatus(ctx context.Context, prometheus *monitoringv1.PrometheusApplyConfiguration, opts metav1.ApplyOptions) (result *v1.Prometheus, err error) GetScale(ctx context.Context, prometheusName string, options metav1.GetOptions) (*autoscalingv1.Scale, error) UpdateScale(ctx context.Context, prometheusName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (*autoscalingv1.Scale, error) @@ -59,143 +58,46 @@ type PrometheusInterface interface { // prometheuses implements PrometheusInterface type prometheuses struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.Prometheus, *v1.PrometheusList, *monitoringv1.PrometheusApplyConfiguration] } // newPrometheuses returns a Prometheuses func newPrometheuses(c *MonitoringV1Client, namespace string) *prometheuses { return &prometheuses{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.Prometheus, *v1.PrometheusList, *monitoringv1.PrometheusApplyConfiguration]( + "prometheuses", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.Prometheus { return &v1.Prometheus{} }, + func() *v1.PrometheusList { return &v1.PrometheusList{} }), } } -// Get takes name of the prometheus, and returns the corresponding prometheus object, and an error if there is any. -func (c *prometheuses) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Prometheus, err error) { - result = &v1.Prometheus{} - err = c.client.Get(). - Namespace(c.ns). +// GetScale takes name of the prometheus, and returns the corresponding autoscalingv1.Scale object, and an error if there is any. +func (c *prometheuses) GetScale(ctx context.Context, prometheusName string, options metav1.GetOptions) (result *autoscalingv1.Scale, err error) { + result = &autoscalingv1.Scale{} + err = c.GetClient().Get(). + Namespace(c.GetNamespace()). Resource("prometheuses"). - Name(name). + Name(prometheusName). + SubResource("scale"). VersionedParams(&options, scheme.ParameterCodec). Do(ctx). Into(result) return } -// List takes label and field selectors, and returns the list of Prometheuses that match those selectors. -func (c *prometheuses) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PrometheusList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.PrometheusList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("prometheuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested prometheuses. -func (c *prometheuses) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("prometheuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a prometheus and creates it. Returns the server's representation of the prometheus, and an error, if there is any. -func (c *prometheuses) Create(ctx context.Context, prometheus *v1.Prometheus, opts metav1.CreateOptions) (result *v1.Prometheus, err error) { - result = &v1.Prometheus{} - err = c.client.Post(). - Namespace(c.ns). - Resource("prometheuses"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheus). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a prometheus and updates it. Returns the server's representation of the prometheus, and an error, if there is any. -func (c *prometheuses) Update(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (result *v1.Prometheus, err error) { - result = &v1.Prometheus{} - err = c.client.Put(). - Namespace(c.ns). - Resource("prometheuses"). - Name(prometheus.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheus). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *prometheuses) UpdateStatus(ctx context.Context, prometheus *v1.Prometheus, opts metav1.UpdateOptions) (result *v1.Prometheus, err error) { - result = &v1.Prometheus{} - err = c.client.Put(). - Namespace(c.ns). - Resource("prometheuses"). - Name(prometheus.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheus). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the prometheus and deletes it. Returns an error if one occurs. -func (c *prometheuses) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheuses"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *prometheuses) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheuses"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched prometheus. -func (c *prometheuses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Prometheus, err error) { - result = &v1.Prometheus{} - err = c.client.Patch(pt). - Namespace(c.ns). +// UpdateScale takes the top resource name and the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. +func (c *prometheuses) UpdateScale(ctx context.Context, prometheusName string, scale *autoscalingv1.Scale, opts metav1.UpdateOptions) (result *autoscalingv1.Scale, err error) { + result = &autoscalingv1.Scale{} + err = c.GetClient().Put(). + Namespace(c.GetNamespace()). Resource("prometheuses"). - Name(name). - SubResource(subresources...). + Name(prometheusName). + SubResource("scale"). VersionedParams(&opts, scheme.ParameterCodec). - Body(data). + Body(scale). Do(ctx). Into(result) return diff --git a/pkg/client/versioned/typed/monitoring/v1/prometheusrule.go b/pkg/client/versioned/typed/monitoring/v1/prometheusrule.go index 69fbeffc5d4..6ae25d0d360 100644 --- a/pkg/client/versioned/typed/monitoring/v1/prometheusrule.go +++ b/pkg/client/versioned/typed/monitoring/v1/prometheusrule.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -28,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PrometheusRulesGetter has a method to return a PrometheusRuleInterface. @@ -53,154 +50,18 @@ type PrometheusRuleInterface interface { // prometheusRules implements PrometheusRuleInterface type prometheusRules struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.PrometheusRule, *v1.PrometheusRuleList, *monitoringv1.PrometheusRuleApplyConfiguration] } // newPrometheusRules returns a PrometheusRules func newPrometheusRules(c *MonitoringV1Client, namespace string) *prometheusRules { return &prometheusRules{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.PrometheusRule, *v1.PrometheusRuleList, *monitoringv1.PrometheusRuleApplyConfiguration]( + "prometheusrules", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.PrometheusRule { return &v1.PrometheusRule{} }, + func() *v1.PrometheusRuleList { return &v1.PrometheusRuleList{} }), } } - -// Get takes name of the prometheusRule, and returns the corresponding prometheusRule object, and an error if there is any. -func (c *prometheusRules) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.PrometheusRule, err error) { - result = &v1.PrometheusRule{} - err = c.client.Get(). - Namespace(c.ns). - Resource("prometheusrules"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PrometheusRules that match those selectors. -func (c *prometheusRules) List(ctx context.Context, opts metav1.ListOptions) (result *v1.PrometheusRuleList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.PrometheusRuleList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("prometheusrules"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested prometheusRules. -func (c *prometheusRules) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("prometheusrules"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a prometheusRule and creates it. Returns the server's representation of the prometheusRule, and an error, if there is any. -func (c *prometheusRules) Create(ctx context.Context, prometheusRule *v1.PrometheusRule, opts metav1.CreateOptions) (result *v1.PrometheusRule, err error) { - result = &v1.PrometheusRule{} - err = c.client.Post(). - Namespace(c.ns). - Resource("prometheusrules"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheusRule). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a prometheusRule and updates it. Returns the server's representation of the prometheusRule, and an error, if there is any. -func (c *prometheusRules) Update(ctx context.Context, prometheusRule *v1.PrometheusRule, opts metav1.UpdateOptions) (result *v1.PrometheusRule, err error) { - result = &v1.PrometheusRule{} - err = c.client.Put(). - Namespace(c.ns). - Resource("prometheusrules"). - Name(prometheusRule.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheusRule). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the prometheusRule and deletes it. Returns an error if one occurs. -func (c *prometheusRules) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheusrules"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *prometheusRules) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheusrules"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched prometheusRule. -func (c *prometheusRules) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.PrometheusRule, err error) { - result = &v1.PrometheusRule{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("prometheusrules"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied prometheusRule. -func (c *prometheusRules) Apply(ctx context.Context, prometheusRule *monitoringv1.PrometheusRuleApplyConfiguration, opts metav1.ApplyOptions) (result *v1.PrometheusRule, err error) { - if prometheusRule == nil { - return nil, fmt.Errorf("prometheusRule provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(prometheusRule) - if err != nil { - return nil, err - } - name := prometheusRule.Name - if name == nil { - return nil, fmt.Errorf("prometheusRule.Name must be provided to Apply") - } - result = &v1.PrometheusRule{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("prometheusrules"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1/servicemonitor.go b/pkg/client/versioned/typed/monitoring/v1/servicemonitor.go index 02f5e5e4d84..a055a684a94 100644 --- a/pkg/client/versioned/typed/monitoring/v1/servicemonitor.go +++ b/pkg/client/versioned/typed/monitoring/v1/servicemonitor.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -28,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // ServiceMonitorsGetter has a method to return a ServiceMonitorInterface. @@ -53,154 +50,18 @@ type ServiceMonitorInterface interface { // serviceMonitors implements ServiceMonitorInterface type serviceMonitors struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.ServiceMonitor, *v1.ServiceMonitorList, *monitoringv1.ServiceMonitorApplyConfiguration] } // newServiceMonitors returns a ServiceMonitors func newServiceMonitors(c *MonitoringV1Client, namespace string) *serviceMonitors { return &serviceMonitors{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.ServiceMonitor, *v1.ServiceMonitorList, *monitoringv1.ServiceMonitorApplyConfiguration]( + "servicemonitors", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.ServiceMonitor { return &v1.ServiceMonitor{} }, + func() *v1.ServiceMonitorList { return &v1.ServiceMonitorList{} }), } } - -// Get takes name of the serviceMonitor, and returns the corresponding serviceMonitor object, and an error if there is any. -func (c *serviceMonitors) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ServiceMonitor, err error) { - result = &v1.ServiceMonitor{} - err = c.client.Get(). - Namespace(c.ns). - Resource("servicemonitors"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ServiceMonitors that match those selectors. -func (c *serviceMonitors) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ServiceMonitorList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.ServiceMonitorList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("servicemonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested serviceMonitors. -func (c *serviceMonitors) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("servicemonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a serviceMonitor and creates it. Returns the server's representation of the serviceMonitor, and an error, if there is any. -func (c *serviceMonitors) Create(ctx context.Context, serviceMonitor *v1.ServiceMonitor, opts metav1.CreateOptions) (result *v1.ServiceMonitor, err error) { - result = &v1.ServiceMonitor{} - err = c.client.Post(). - Namespace(c.ns). - Resource("servicemonitors"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(serviceMonitor). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a serviceMonitor and updates it. Returns the server's representation of the serviceMonitor, and an error, if there is any. -func (c *serviceMonitors) Update(ctx context.Context, serviceMonitor *v1.ServiceMonitor, opts metav1.UpdateOptions) (result *v1.ServiceMonitor, err error) { - result = &v1.ServiceMonitor{} - err = c.client.Put(). - Namespace(c.ns). - Resource("servicemonitors"). - Name(serviceMonitor.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(serviceMonitor). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the serviceMonitor and deletes it. Returns an error if one occurs. -func (c *serviceMonitors) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("servicemonitors"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *serviceMonitors) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("servicemonitors"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched serviceMonitor. -func (c *serviceMonitors) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ServiceMonitor, err error) { - result = &v1.ServiceMonitor{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("servicemonitors"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied serviceMonitor. -func (c *serviceMonitors) Apply(ctx context.Context, serviceMonitor *monitoringv1.ServiceMonitorApplyConfiguration, opts metav1.ApplyOptions) (result *v1.ServiceMonitor, err error) { - if serviceMonitor == nil { - return nil, fmt.Errorf("serviceMonitor provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(serviceMonitor) - if err != nil { - return nil, err - } - name := serviceMonitor.Name - if name == nil { - return nil, fmt.Errorf("serviceMonitor.Name must be provided to Apply") - } - result = &v1.ServiceMonitor{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("servicemonitors"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1/thanosruler.go b/pkg/client/versioned/typed/monitoring/v1/thanosruler.go index af077f47030..fa1489ed945 100644 --- a/pkg/client/versioned/typed/monitoring/v1/thanosruler.go +++ b/pkg/client/versioned/typed/monitoring/v1/thanosruler.go @@ -18,9 +18,6 @@ package v1 import ( "context" - json "encoding/json" - "fmt" - "time" v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1" @@ -28,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // ThanosRulersGetter has a method to return a ThanosRulerInterface. @@ -41,6 +38,7 @@ type ThanosRulersGetter interface { type ThanosRulerInterface interface { Create(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.CreateOptions) (*v1.ThanosRuler, error) Update(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (*v1.ThanosRuler, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (*v1.ThanosRuler, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error @@ -49,206 +47,25 @@ type ThanosRulerInterface interface { Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ThanosRuler, err error) Apply(ctx context.Context, thanosRuler *monitoringv1.ThanosRulerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.ThanosRuler, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). ApplyStatus(ctx context.Context, thanosRuler *monitoringv1.ThanosRulerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.ThanosRuler, err error) ThanosRulerExpansion } // thanosRulers implements ThanosRulerInterface type thanosRulers struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1.ThanosRuler, *v1.ThanosRulerList, *monitoringv1.ThanosRulerApplyConfiguration] } // newThanosRulers returns a ThanosRulers func newThanosRulers(c *MonitoringV1Client, namespace string) *thanosRulers { return &thanosRulers{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1.ThanosRuler, *v1.ThanosRulerList, *monitoringv1.ThanosRulerApplyConfiguration]( + "thanosrulers", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1.ThanosRuler { return &v1.ThanosRuler{} }, + func() *v1.ThanosRulerList { return &v1.ThanosRulerList{} }), } } - -// Get takes name of the thanosRuler, and returns the corresponding thanosRuler object, and an error if there is any. -func (c *thanosRulers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ThanosRuler, err error) { - result = &v1.ThanosRuler{} - err = c.client.Get(). - Namespace(c.ns). - Resource("thanosrulers"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ThanosRulers that match those selectors. -func (c *thanosRulers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ThanosRulerList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1.ThanosRulerList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("thanosrulers"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested thanosRulers. -func (c *thanosRulers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("thanosrulers"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a thanosRuler and creates it. Returns the server's representation of the thanosRuler, and an error, if there is any. -func (c *thanosRulers) Create(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.CreateOptions) (result *v1.ThanosRuler, err error) { - result = &v1.ThanosRuler{} - err = c.client.Post(). - Namespace(c.ns). - Resource("thanosrulers"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(thanosRuler). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a thanosRuler and updates it. Returns the server's representation of the thanosRuler, and an error, if there is any. -func (c *thanosRulers) Update(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (result *v1.ThanosRuler, err error) { - result = &v1.ThanosRuler{} - err = c.client.Put(). - Namespace(c.ns). - Resource("thanosrulers"). - Name(thanosRuler.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(thanosRuler). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *thanosRulers) UpdateStatus(ctx context.Context, thanosRuler *v1.ThanosRuler, opts metav1.UpdateOptions) (result *v1.ThanosRuler, err error) { - result = &v1.ThanosRuler{} - err = c.client.Put(). - Namespace(c.ns). - Resource("thanosrulers"). - Name(thanosRuler.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(thanosRuler). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the thanosRuler and deletes it. Returns an error if one occurs. -func (c *thanosRulers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("thanosrulers"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *thanosRulers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("thanosrulers"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched thanosRuler. -func (c *thanosRulers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ThanosRuler, err error) { - result = &v1.ThanosRuler{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("thanosrulers"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied thanosRuler. -func (c *thanosRulers) Apply(ctx context.Context, thanosRuler *monitoringv1.ThanosRulerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.ThanosRuler, err error) { - if thanosRuler == nil { - return nil, fmt.Errorf("thanosRuler provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(thanosRuler) - if err != nil { - return nil, err - } - name := thanosRuler.Name - if name == nil { - return nil, fmt.Errorf("thanosRuler.Name must be provided to Apply") - } - result = &v1.ThanosRuler{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("thanosrulers"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// ApplyStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). -func (c *thanosRulers) ApplyStatus(ctx context.Context, thanosRuler *monitoringv1.ThanosRulerApplyConfiguration, opts metav1.ApplyOptions) (result *v1.ThanosRuler, err error) { - if thanosRuler == nil { - return nil, fmt.Errorf("thanosRuler provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(thanosRuler) - if err != nil { - return nil, err - } - - name := thanosRuler.Name - if name == nil { - return nil, fmt.Errorf("thanosRuler.Name must be provided to Apply") - } - - result = &v1.ThanosRuler{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("thanosrulers"). - Name(*name). - SubResource("status"). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/alertmanagerconfig.go b/pkg/client/versioned/typed/monitoring/v1alpha1/alertmanagerconfig.go index f8415594032..fc79ae14d61 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/alertmanagerconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/alertmanagerconfig.go @@ -18,9 +18,6 @@ package v1alpha1 import ( "context" - json "encoding/json" - "fmt" - "time" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1alpha1" @@ -28,7 +25,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // AlertmanagerConfigsGetter has a method to return a AlertmanagerConfigInterface. @@ -53,154 +50,18 @@ type AlertmanagerConfigInterface interface { // alertmanagerConfigs implements AlertmanagerConfigInterface type alertmanagerConfigs struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1alpha1.AlertmanagerConfig, *v1alpha1.AlertmanagerConfigList, *monitoringv1alpha1.AlertmanagerConfigApplyConfiguration] } // newAlertmanagerConfigs returns a AlertmanagerConfigs func newAlertmanagerConfigs(c *MonitoringV1alpha1Client, namespace string) *alertmanagerConfigs { return &alertmanagerConfigs{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1alpha1.AlertmanagerConfig, *v1alpha1.AlertmanagerConfigList, *monitoringv1alpha1.AlertmanagerConfigApplyConfiguration]( + "alertmanagerconfigs", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.AlertmanagerConfig { return &v1alpha1.AlertmanagerConfig{} }, + func() *v1alpha1.AlertmanagerConfigList { return &v1alpha1.AlertmanagerConfigList{} }), } } - -// Get takes name of the alertmanagerConfig, and returns the corresponding alertmanagerConfig object, and an error if there is any. -func (c *alertmanagerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.AlertmanagerConfig, err error) { - result = &v1alpha1.AlertmanagerConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of AlertmanagerConfigs that match those selectors. -func (c *alertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.AlertmanagerConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.AlertmanagerConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested alertmanagerConfigs. -func (c *alertmanagerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a alertmanagerConfig and creates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. -func (c *alertmanagerConfigs) Create(ctx context.Context, alertmanagerConfig *v1alpha1.AlertmanagerConfig, opts v1.CreateOptions) (result *v1alpha1.AlertmanagerConfig, err error) { - result = &v1alpha1.AlertmanagerConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanagerConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a alertmanagerConfig and updates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. -func (c *alertmanagerConfigs) Update(ctx context.Context, alertmanagerConfig *v1alpha1.AlertmanagerConfig, opts v1.UpdateOptions) (result *v1alpha1.AlertmanagerConfig, err error) { - result = &v1alpha1.AlertmanagerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(alertmanagerConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanagerConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the alertmanagerConfig and deletes it. Returns an error if one occurs. -func (c *alertmanagerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *alertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched alertmanagerConfig. -func (c *alertmanagerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.AlertmanagerConfig, err error) { - result = &v1alpha1.AlertmanagerConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied alertmanagerConfig. -func (c *alertmanagerConfigs) Apply(ctx context.Context, alertmanagerConfig *monitoringv1alpha1.AlertmanagerConfigApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.AlertmanagerConfig, err error) { - if alertmanagerConfig == nil { - return nil, fmt.Errorf("alertmanagerConfig provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(alertmanagerConfig) - if err != nil { - return nil, err - } - name := alertmanagerConfig.Name - if name == nil { - return nil, fmt.Errorf("alertmanagerConfig.Name must be provided to Apply") - } - result = &v1alpha1.AlertmanagerConfig{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_alertmanagerconfig.go b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_alertmanagerconfig.go index 8b6f742a7c6..888bad45499 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_alertmanagerconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_alertmanagerconfig.go @@ -42,22 +42,24 @@ var alertmanagerconfigsKind = v1alpha1.SchemeGroupVersion.WithKind("Alertmanager // Get takes name of the alertmanagerConfig, and returns the corresponding alertmanagerConfig object, and an error if there is any. func (c *FakeAlertmanagerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.AlertmanagerConfig, err error) { + emptyResult := &v1alpha1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewGetAction(alertmanagerconfigsResource, c.ns, name), &v1alpha1.AlertmanagerConfig{}) + Invokes(testing.NewGetActionWithOptions(alertmanagerconfigsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.AlertmanagerConfig), err } // List takes label and field selectors, and returns the list of AlertmanagerConfigs that match those selectors. func (c *FakeAlertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.AlertmanagerConfigList, err error) { + emptyResult := &v1alpha1.AlertmanagerConfigList{} obj, err := c.Fake. - Invokes(testing.NewListAction(alertmanagerconfigsResource, alertmanagerconfigsKind, c.ns, opts), &v1alpha1.AlertmanagerConfigList{}) + Invokes(testing.NewListActionWithOptions(alertmanagerconfigsResource, alertmanagerconfigsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakeAlertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) // Watch returns a watch.Interface that watches the requested alertmanagerConfigs. func (c *FakeAlertmanagerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(alertmanagerconfigsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(alertmanagerconfigsResource, c.ns, opts)) } // Create takes the representation of a alertmanagerConfig and creates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. func (c *FakeAlertmanagerConfigs) Create(ctx context.Context, alertmanagerConfig *v1alpha1.AlertmanagerConfig, opts v1.CreateOptions) (result *v1alpha1.AlertmanagerConfig, err error) { + emptyResult := &v1alpha1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(alertmanagerconfigsResource, c.ns, alertmanagerConfig), &v1alpha1.AlertmanagerConfig{}) + Invokes(testing.NewCreateActionWithOptions(alertmanagerconfigsResource, c.ns, alertmanagerConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.AlertmanagerConfig), err } // Update takes the representation of a alertmanagerConfig and updates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. func (c *FakeAlertmanagerConfigs) Update(ctx context.Context, alertmanagerConfig *v1alpha1.AlertmanagerConfig, opts v1.UpdateOptions) (result *v1alpha1.AlertmanagerConfig, err error) { + emptyResult := &v1alpha1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(alertmanagerconfigsResource, c.ns, alertmanagerConfig), &v1alpha1.AlertmanagerConfig{}) + Invokes(testing.NewUpdateActionWithOptions(alertmanagerconfigsResource, c.ns, alertmanagerConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.AlertmanagerConfig), err } @@ -112,7 +116,7 @@ func (c *FakeAlertmanagerConfigs) Delete(ctx context.Context, name string, opts // DeleteCollection deletes a collection of objects. func (c *FakeAlertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(alertmanagerconfigsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(alertmanagerconfigsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.AlertmanagerConfigList{}) return err @@ -120,12 +124,36 @@ func (c *FakeAlertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1. // Patch applies the patch and returns the patched alertmanagerConfig. func (c *FakeAlertmanagerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.AlertmanagerConfig, err error) { + emptyResult := &v1alpha1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagerconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.AlertmanagerConfig{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagerconfigsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.AlertmanagerConfig), err +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied alertmanagerConfig. +func (c *FakeAlertmanagerConfigs) Apply(ctx context.Context, alertmanagerConfig *monitoringv1alpha1.AlertmanagerConfigApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.AlertmanagerConfig, err error) { + if alertmanagerConfig == nil { + return nil, fmt.Errorf("alertmanagerConfig provided to Apply must not be nil") + } + data, err := json.Marshal(alertmanagerConfig) + if err != nil { return nil, err } + name := alertmanagerConfig.Name + if name == nil { + return nil, fmt.Errorf("alertmanagerConfig.Name must be provided to Apply") + } + emptyResult := &v1alpha1.AlertmanagerConfig{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagerconfigsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) + + if obj == nil { + return emptyResult, err + } return obj.(*v1alpha1.AlertmanagerConfig), err } diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_prometheusagent.go b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_prometheusagent.go index 5fe6917fee7..736c16b2c26 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_prometheusagent.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_prometheusagent.go @@ -43,22 +43,24 @@ var prometheusagentsKind = v1alpha1.SchemeGroupVersion.WithKind("PrometheusAgent // Get takes name of the prometheusAgent, and returns the corresponding prometheusAgent object, and an error if there is any. func (c *FakePrometheusAgents) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PrometheusAgent, err error) { + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewGetAction(prometheusagentsResource, c.ns, name), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewGetActionWithOptions(prometheusagentsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } // List takes label and field selectors, and returns the list of PrometheusAgents that match those selectors. func (c *FakePrometheusAgents) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PrometheusAgentList, err error) { + emptyResult := &v1alpha1.PrometheusAgentList{} obj, err := c.Fake. - Invokes(testing.NewListAction(prometheusagentsResource, prometheusagentsKind, c.ns, opts), &v1alpha1.PrometheusAgentList{}) + Invokes(testing.NewListActionWithOptions(prometheusagentsResource, prometheusagentsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -77,40 +79,43 @@ func (c *FakePrometheusAgents) List(ctx context.Context, opts v1.ListOptions) (r // Watch returns a watch.Interface that watches the requested prometheusAgents. func (c *FakePrometheusAgents) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(prometheusagentsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(prometheusagentsResource, c.ns, opts)) } // Create takes the representation of a prometheusAgent and creates it. Returns the server's representation of the prometheusAgent, and an error, if there is any. func (c *FakePrometheusAgents) Create(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.CreateOptions) (result *v1alpha1.PrometheusAgent, err error) { + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(prometheusagentsResource, c.ns, prometheusAgent), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewCreateActionWithOptions(prometheusagentsResource, c.ns, prometheusAgent, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } // Update takes the representation of a prometheusAgent and updates it. Returns the server's representation of the prometheusAgent, and an error, if there is any. func (c *FakePrometheusAgents) Update(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (result *v1alpha1.PrometheusAgent, err error) { + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(prometheusagentsResource, c.ns, prometheusAgent), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewUpdateActionWithOptions(prometheusagentsResource, c.ns, prometheusAgent, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePrometheusAgents) UpdateStatus(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (*v1alpha1.PrometheusAgent, error) { +func (c *FakePrometheusAgents) UpdateStatus(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (result *v1alpha1.PrometheusAgent, err error) { + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(prometheusagentsResource, "status", c.ns, prometheusAgent), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(prometheusagentsResource, "status", c.ns, prometheusAgent, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } @@ -125,7 +130,7 @@ func (c *FakePrometheusAgents) Delete(ctx context.Context, name string, opts v1. // DeleteCollection deletes a collection of objects. func (c *FakePrometheusAgents) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(prometheusagentsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(prometheusagentsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.PrometheusAgentList{}) return err @@ -133,11 +138,12 @@ func (c *FakePrometheusAgents) DeleteCollection(ctx context.Context, opts v1.Del // Patch applies the patch and returns the patched prometheusAgent. func (c *FakePrometheusAgents) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PrometheusAgent, err error) { + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusagentsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusagentsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } @@ -155,11 +161,12 @@ func (c *FakePrometheusAgents) Apply(ctx context.Context, prometheusAgent *monit if name == nil { return nil, fmt.Errorf("prometheusAgent.Name must be provided to Apply") } + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusagentsResource, c.ns, *name, types.ApplyPatchType, data), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusagentsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } @@ -178,33 +185,36 @@ func (c *FakePrometheusAgents) ApplyStatus(ctx context.Context, prometheusAgent if name == nil { return nil, fmt.Errorf("prometheusAgent.Name must be provided to Apply") } + emptyResult := &v1alpha1.PrometheusAgent{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(prometheusagentsResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1alpha1.PrometheusAgent{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(prometheusagentsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions(), "status"), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PrometheusAgent), err } // GetScale takes name of the prometheusAgent, and returns the corresponding scale object, and an error if there is any. func (c *FakePrometheusAgents) GetScale(ctx context.Context, prometheusAgentName string, options v1.GetOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} obj, err := c.Fake. - Invokes(testing.NewGetSubresourceAction(prometheusagentsResource, c.ns, "scale", prometheusAgentName), &autoscalingv1.Scale{}) + Invokes(testing.NewGetSubresourceActionWithOptions(prometheusagentsResource, c.ns, "scale", prometheusAgentName, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*autoscalingv1.Scale), err } // UpdateScale takes the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. func (c *FakePrometheusAgents) UpdateScale(ctx context.Context, prometheusAgentName string, scale *autoscalingv1.Scale, opts v1.UpdateOptions) (result *autoscalingv1.Scale, err error) { + emptyResult := &autoscalingv1.Scale{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(prometheusagentsResource, "scale", c.ns, scale), &autoscalingv1.Scale{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(prometheusagentsResource, "scale", c.ns, scale, opts), &autoscalingv1.Scale{}) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*autoscalingv1.Scale), err } diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_scrapeconfig.go b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_scrapeconfig.go index 3827a90d12a..d3c18bc86dc 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_scrapeconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/fake/fake_scrapeconfig.go @@ -42,22 +42,24 @@ var scrapeconfigsKind = v1alpha1.SchemeGroupVersion.WithKind("ScrapeConfig") // Get takes name of the scrapeConfig, and returns the corresponding scrapeConfig object, and an error if there is any. func (c *FakeScrapeConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ScrapeConfig, err error) { + emptyResult := &v1alpha1.ScrapeConfig{} obj, err := c.Fake. - Invokes(testing.NewGetAction(scrapeconfigsResource, c.ns, name), &v1alpha1.ScrapeConfig{}) + Invokes(testing.NewGetActionWithOptions(scrapeconfigsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.ScrapeConfig), err } // List takes label and field selectors, and returns the list of ScrapeConfigs that match those selectors. func (c *FakeScrapeConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ScrapeConfigList, err error) { + emptyResult := &v1alpha1.ScrapeConfigList{} obj, err := c.Fake. - Invokes(testing.NewListAction(scrapeconfigsResource, scrapeconfigsKind, c.ns, opts), &v1alpha1.ScrapeConfigList{}) + Invokes(testing.NewListActionWithOptions(scrapeconfigsResource, scrapeconfigsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakeScrapeConfigs) List(ctx context.Context, opts v1.ListOptions) (resu // Watch returns a watch.Interface that watches the requested scrapeConfigs. func (c *FakeScrapeConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(scrapeconfigsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(scrapeconfigsResource, c.ns, opts)) } // Create takes the representation of a scrapeConfig and creates it. Returns the server's representation of the scrapeConfig, and an error, if there is any. func (c *FakeScrapeConfigs) Create(ctx context.Context, scrapeConfig *v1alpha1.ScrapeConfig, opts v1.CreateOptions) (result *v1alpha1.ScrapeConfig, err error) { + emptyResult := &v1alpha1.ScrapeConfig{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(scrapeconfigsResource, c.ns, scrapeConfig), &v1alpha1.ScrapeConfig{}) + Invokes(testing.NewCreateActionWithOptions(scrapeconfigsResource, c.ns, scrapeConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.ScrapeConfig), err } // Update takes the representation of a scrapeConfig and updates it. Returns the server's representation of the scrapeConfig, and an error, if there is any. func (c *FakeScrapeConfigs) Update(ctx context.Context, scrapeConfig *v1alpha1.ScrapeConfig, opts v1.UpdateOptions) (result *v1alpha1.ScrapeConfig, err error) { + emptyResult := &v1alpha1.ScrapeConfig{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(scrapeconfigsResource, c.ns, scrapeConfig), &v1alpha1.ScrapeConfig{}) + Invokes(testing.NewUpdateActionWithOptions(scrapeconfigsResource, c.ns, scrapeConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.ScrapeConfig), err } @@ -112,7 +116,7 @@ func (c *FakeScrapeConfigs) Delete(ctx context.Context, name string, opts v1.Del // DeleteCollection deletes a collection of objects. func (c *FakeScrapeConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(scrapeconfigsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(scrapeconfigsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.ScrapeConfigList{}) return err @@ -120,11 +124,12 @@ func (c *FakeScrapeConfigs) DeleteCollection(ctx context.Context, opts v1.Delete // Patch applies the patch and returns the patched scrapeConfig. func (c *FakeScrapeConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ScrapeConfig, err error) { + emptyResult := &v1alpha1.ScrapeConfig{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(scrapeconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.ScrapeConfig{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(scrapeconfigsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.ScrapeConfig), err } @@ -142,11 +147,12 @@ func (c *FakeScrapeConfigs) Apply(ctx context.Context, scrapeConfig *monitoringv if name == nil { return nil, fmt.Errorf("scrapeConfig.Name must be provided to Apply") } + emptyResult := &v1alpha1.ScrapeConfig{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(scrapeconfigsResource, c.ns, *name, types.ApplyPatchType, data), &v1alpha1.ScrapeConfig{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(scrapeconfigsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.ScrapeConfig), err } diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/prometheusagent.go b/pkg/client/versioned/typed/monitoring/v1alpha1/prometheusagent.go index 16c2c934393..1156069a071 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/prometheusagent.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/prometheusagent.go @@ -18,9 +18,6 @@ package v1alpha1 import ( "context" - json "encoding/json" - "fmt" - "time" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1alpha1" @@ -29,7 +26,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PrometheusAgentsGetter has a method to return a PrometheusAgentInterface. @@ -42,6 +39,7 @@ type PrometheusAgentsGetter interface { type PrometheusAgentInterface interface { Create(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.CreateOptions) (*v1alpha1.PrometheusAgent, error) Update(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (*v1alpha1.PrometheusAgent, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (*v1alpha1.PrometheusAgent, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error @@ -50,6 +48,7 @@ type PrometheusAgentInterface interface { Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PrometheusAgent, err error) Apply(ctx context.Context, prometheusAgent *monitoringv1alpha1.PrometheusAgentApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PrometheusAgent, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). ApplyStatus(ctx context.Context, prometheusAgent *monitoringv1alpha1.PrometheusAgentApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PrometheusAgent, err error) GetScale(ctx context.Context, prometheusAgentName string, options v1.GetOptions) (*autoscalingv1.Scale, error) UpdateScale(ctx context.Context, prometheusAgentName string, scale *autoscalingv1.Scale, opts v1.UpdateOptions) (*autoscalingv1.Scale, error) @@ -59,209 +58,27 @@ type PrometheusAgentInterface interface { // prometheusAgents implements PrometheusAgentInterface type prometheusAgents struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1alpha1.PrometheusAgent, *v1alpha1.PrometheusAgentList, *monitoringv1alpha1.PrometheusAgentApplyConfiguration] } // newPrometheusAgents returns a PrometheusAgents func newPrometheusAgents(c *MonitoringV1alpha1Client, namespace string) *prometheusAgents { return &prometheusAgents{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1alpha1.PrometheusAgent, *v1alpha1.PrometheusAgentList, *monitoringv1alpha1.PrometheusAgentApplyConfiguration]( + "prometheusagents", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.PrometheusAgent { return &v1alpha1.PrometheusAgent{} }, + func() *v1alpha1.PrometheusAgentList { return &v1alpha1.PrometheusAgentList{} }), } } -// Get takes name of the prometheusAgent, and returns the corresponding prometheusAgent object, and an error if there is any. -func (c *prometheusAgents) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PrometheusAgent, err error) { - result = &v1alpha1.PrometheusAgent{} - err = c.client.Get(). - Namespace(c.ns). - Resource("prometheusagents"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PrometheusAgents that match those selectors. -func (c *prometheusAgents) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PrometheusAgentList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PrometheusAgentList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("prometheusagents"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested prometheusAgents. -func (c *prometheusAgents) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("prometheusagents"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a prometheusAgent and creates it. Returns the server's representation of the prometheusAgent, and an error, if there is any. -func (c *prometheusAgents) Create(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.CreateOptions) (result *v1alpha1.PrometheusAgent, err error) { - result = &v1alpha1.PrometheusAgent{} - err = c.client.Post(). - Namespace(c.ns). - Resource("prometheusagents"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheusAgent). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a prometheusAgent and updates it. Returns the server's representation of the prometheusAgent, and an error, if there is any. -func (c *prometheusAgents) Update(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (result *v1alpha1.PrometheusAgent, err error) { - result = &v1alpha1.PrometheusAgent{} - err = c.client.Put(). - Namespace(c.ns). - Resource("prometheusagents"). - Name(prometheusAgent.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheusAgent). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *prometheusAgents) UpdateStatus(ctx context.Context, prometheusAgent *v1alpha1.PrometheusAgent, opts v1.UpdateOptions) (result *v1alpha1.PrometheusAgent, err error) { - result = &v1alpha1.PrometheusAgent{} - err = c.client.Put(). - Namespace(c.ns). - Resource("prometheusagents"). - Name(prometheusAgent.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(prometheusAgent). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the prometheusAgent and deletes it. Returns an error if one occurs. -func (c *prometheusAgents) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheusagents"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *prometheusAgents) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("prometheusagents"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched prometheusAgent. -func (c *prometheusAgents) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PrometheusAgent, err error) { - result = &v1alpha1.PrometheusAgent{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("prometheusagents"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied prometheusAgent. -func (c *prometheusAgents) Apply(ctx context.Context, prometheusAgent *monitoringv1alpha1.PrometheusAgentApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PrometheusAgent, err error) { - if prometheusAgent == nil { - return nil, fmt.Errorf("prometheusAgent provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(prometheusAgent) - if err != nil { - return nil, err - } - name := prometheusAgent.Name - if name == nil { - return nil, fmt.Errorf("prometheusAgent.Name must be provided to Apply") - } - result = &v1alpha1.PrometheusAgent{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("prometheusagents"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// ApplyStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). -func (c *prometheusAgents) ApplyStatus(ctx context.Context, prometheusAgent *monitoringv1alpha1.PrometheusAgentApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.PrometheusAgent, err error) { - if prometheusAgent == nil { - return nil, fmt.Errorf("prometheusAgent provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(prometheusAgent) - if err != nil { - return nil, err - } - - name := prometheusAgent.Name - if name == nil { - return nil, fmt.Errorf("prometheusAgent.Name must be provided to Apply") - } - - result = &v1alpha1.PrometheusAgent{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("prometheusagents"). - Name(*name). - SubResource("status"). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - // GetScale takes name of the prometheusAgent, and returns the corresponding autoscalingv1.Scale object, and an error if there is any. func (c *prometheusAgents) GetScale(ctx context.Context, prometheusAgentName string, options v1.GetOptions) (result *autoscalingv1.Scale, err error) { result = &autoscalingv1.Scale{} - err = c.client.Get(). - Namespace(c.ns). + err = c.GetClient().Get(). + Namespace(c.GetNamespace()). Resource("prometheusagents"). Name(prometheusAgentName). SubResource("scale"). @@ -274,8 +91,8 @@ func (c *prometheusAgents) GetScale(ctx context.Context, prometheusAgentName str // UpdateScale takes the top resource name and the representation of a scale and updates it. Returns the server's representation of the scale, and an error, if there is any. func (c *prometheusAgents) UpdateScale(ctx context.Context, prometheusAgentName string, scale *autoscalingv1.Scale, opts v1.UpdateOptions) (result *autoscalingv1.Scale, err error) { result = &autoscalingv1.Scale{} - err = c.client.Put(). - Namespace(c.ns). + err = c.GetClient().Put(). + Namespace(c.GetNamespace()). Resource("prometheusagents"). Name(prometheusAgentName). SubResource("scale"). diff --git a/pkg/client/versioned/typed/monitoring/v1alpha1/scrapeconfig.go b/pkg/client/versioned/typed/monitoring/v1alpha1/scrapeconfig.go index 64e5d432085..9595d00ac63 100644 --- a/pkg/client/versioned/typed/monitoring/v1alpha1/scrapeconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1alpha1/scrapeconfig.go @@ -18,9 +18,6 @@ package v1alpha1 import ( "context" - json "encoding/json" - "fmt" - "time" v1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1alpha1" @@ -28,7 +25,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // ScrapeConfigsGetter has a method to return a ScrapeConfigInterface. @@ -53,154 +50,18 @@ type ScrapeConfigInterface interface { // scrapeConfigs implements ScrapeConfigInterface type scrapeConfigs struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1alpha1.ScrapeConfig, *v1alpha1.ScrapeConfigList, *monitoringv1alpha1.ScrapeConfigApplyConfiguration] } // newScrapeConfigs returns a ScrapeConfigs func newScrapeConfigs(c *MonitoringV1alpha1Client, namespace string) *scrapeConfigs { return &scrapeConfigs{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1alpha1.ScrapeConfig, *v1alpha1.ScrapeConfigList, *monitoringv1alpha1.ScrapeConfigApplyConfiguration]( + "scrapeconfigs", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.ScrapeConfig { return &v1alpha1.ScrapeConfig{} }, + func() *v1alpha1.ScrapeConfigList { return &v1alpha1.ScrapeConfigList{} }), } } - -// Get takes name of the scrapeConfig, and returns the corresponding scrapeConfig object, and an error if there is any. -func (c *scrapeConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ScrapeConfig, err error) { - result = &v1alpha1.ScrapeConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("scrapeconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of ScrapeConfigs that match those selectors. -func (c *scrapeConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ScrapeConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.ScrapeConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("scrapeconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested scrapeConfigs. -func (c *scrapeConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("scrapeconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a scrapeConfig and creates it. Returns the server's representation of the scrapeConfig, and an error, if there is any. -func (c *scrapeConfigs) Create(ctx context.Context, scrapeConfig *v1alpha1.ScrapeConfig, opts v1.CreateOptions) (result *v1alpha1.ScrapeConfig, err error) { - result = &v1alpha1.ScrapeConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("scrapeconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(scrapeConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a scrapeConfig and updates it. Returns the server's representation of the scrapeConfig, and an error, if there is any. -func (c *scrapeConfigs) Update(ctx context.Context, scrapeConfig *v1alpha1.ScrapeConfig, opts v1.UpdateOptions) (result *v1alpha1.ScrapeConfig, err error) { - result = &v1alpha1.ScrapeConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("scrapeconfigs"). - Name(scrapeConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(scrapeConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the scrapeConfig and deletes it. Returns an error if one occurs. -func (c *scrapeConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("scrapeconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *scrapeConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("scrapeconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched scrapeConfig. -func (c *scrapeConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ScrapeConfig, err error) { - result = &v1alpha1.ScrapeConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("scrapeconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied scrapeConfig. -func (c *scrapeConfigs) Apply(ctx context.Context, scrapeConfig *monitoringv1alpha1.ScrapeConfigApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.ScrapeConfig, err error) { - if scrapeConfig == nil { - return nil, fmt.Errorf("scrapeConfig provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(scrapeConfig) - if err != nil { - return nil, err - } - name := scrapeConfig.Name - if name == nil { - return nil, fmt.Errorf("scrapeConfig.Name must be provided to Apply") - } - result = &v1alpha1.ScrapeConfig{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("scrapeconfigs"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1beta1/alertmanagerconfig.go b/pkg/client/versioned/typed/monitoring/v1beta1/alertmanagerconfig.go index c807dfb3e87..086a70d8649 100644 --- a/pkg/client/versioned/typed/monitoring/v1beta1/alertmanagerconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1beta1/alertmanagerconfig.go @@ -18,9 +18,6 @@ package v1beta1 import ( "context" - json "encoding/json" - "fmt" - "time" v1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1beta1" monitoringv1beta1 "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1beta1" @@ -28,7 +25,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // AlertmanagerConfigsGetter has a method to return a AlertmanagerConfigInterface. @@ -53,154 +50,18 @@ type AlertmanagerConfigInterface interface { // alertmanagerConfigs implements AlertmanagerConfigInterface type alertmanagerConfigs struct { - client rest.Interface - ns string + *gentype.ClientWithListAndApply[*v1beta1.AlertmanagerConfig, *v1beta1.AlertmanagerConfigList, *monitoringv1beta1.AlertmanagerConfigApplyConfiguration] } // newAlertmanagerConfigs returns a AlertmanagerConfigs func newAlertmanagerConfigs(c *MonitoringV1beta1Client, namespace string) *alertmanagerConfigs { return &alertmanagerConfigs{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithListAndApply[*v1beta1.AlertmanagerConfig, *v1beta1.AlertmanagerConfigList, *monitoringv1beta1.AlertmanagerConfigApplyConfiguration]( + "alertmanagerconfigs", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1beta1.AlertmanagerConfig { return &v1beta1.AlertmanagerConfig{} }, + func() *v1beta1.AlertmanagerConfigList { return &v1beta1.AlertmanagerConfigList{} }), } } - -// Get takes name of the alertmanagerConfig, and returns the corresponding alertmanagerConfig object, and an error if there is any. -func (c *alertmanagerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.AlertmanagerConfig, err error) { - result = &v1beta1.AlertmanagerConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of AlertmanagerConfigs that match those selectors. -func (c *alertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.AlertmanagerConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1beta1.AlertmanagerConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested alertmanagerConfigs. -func (c *alertmanagerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a alertmanagerConfig and creates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. -func (c *alertmanagerConfigs) Create(ctx context.Context, alertmanagerConfig *v1beta1.AlertmanagerConfig, opts v1.CreateOptions) (result *v1beta1.AlertmanagerConfig, err error) { - result = &v1beta1.AlertmanagerConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanagerConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a alertmanagerConfig and updates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. -func (c *alertmanagerConfigs) Update(ctx context.Context, alertmanagerConfig *v1beta1.AlertmanagerConfig, opts v1.UpdateOptions) (result *v1beta1.AlertmanagerConfig, err error) { - result = &v1beta1.AlertmanagerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(alertmanagerConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(alertmanagerConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the alertmanagerConfig and deletes it. Returns an error if one occurs. -func (c *alertmanagerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *alertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched alertmanagerConfig. -func (c *alertmanagerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.AlertmanagerConfig, err error) { - result = &v1beta1.AlertmanagerConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} - -// Apply takes the given apply declarative configuration, applies it and returns the applied alertmanagerConfig. -func (c *alertmanagerConfigs) Apply(ctx context.Context, alertmanagerConfig *monitoringv1beta1.AlertmanagerConfigApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.AlertmanagerConfig, err error) { - if alertmanagerConfig == nil { - return nil, fmt.Errorf("alertmanagerConfig provided to Apply must not be nil") - } - patchOpts := opts.ToPatchOptions() - data, err := json.Marshal(alertmanagerConfig) - if err != nil { - return nil, err - } - name := alertmanagerConfig.Name - if name == nil { - return nil, fmt.Errorf("alertmanagerConfig.Name must be provided to Apply") - } - result = &v1beta1.AlertmanagerConfig{} - err = c.client.Patch(types.ApplyPatchType). - Namespace(c.ns). - Resource("alertmanagerconfigs"). - Name(*name). - VersionedParams(&patchOpts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/client/versioned/typed/monitoring/v1beta1/fake/fake_alertmanagerconfig.go b/pkg/client/versioned/typed/monitoring/v1beta1/fake/fake_alertmanagerconfig.go index f7778366bdd..c34a427afdc 100644 --- a/pkg/client/versioned/typed/monitoring/v1beta1/fake/fake_alertmanagerconfig.go +++ b/pkg/client/versioned/typed/monitoring/v1beta1/fake/fake_alertmanagerconfig.go @@ -42,22 +42,24 @@ var alertmanagerconfigsKind = v1beta1.SchemeGroupVersion.WithKind("AlertmanagerC // Get takes name of the alertmanagerConfig, and returns the corresponding alertmanagerConfig object, and an error if there is any. func (c *FakeAlertmanagerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.AlertmanagerConfig, err error) { + emptyResult := &v1beta1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewGetAction(alertmanagerconfigsResource, c.ns, name), &v1beta1.AlertmanagerConfig{}) + Invokes(testing.NewGetActionWithOptions(alertmanagerconfigsResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1beta1.AlertmanagerConfig), err } // List takes label and field selectors, and returns the list of AlertmanagerConfigs that match those selectors. func (c *FakeAlertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.AlertmanagerConfigList, err error) { + emptyResult := &v1beta1.AlertmanagerConfigList{} obj, err := c.Fake. - Invokes(testing.NewListAction(alertmanagerconfigsResource, alertmanagerconfigsKind, c.ns, opts), &v1beta1.AlertmanagerConfigList{}) + Invokes(testing.NewListActionWithOptions(alertmanagerconfigsResource, alertmanagerconfigsKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -76,28 +78,30 @@ func (c *FakeAlertmanagerConfigs) List(ctx context.Context, opts v1.ListOptions) // Watch returns a watch.Interface that watches the requested alertmanagerConfigs. func (c *FakeAlertmanagerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(alertmanagerconfigsResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(alertmanagerconfigsResource, c.ns, opts)) } // Create takes the representation of a alertmanagerConfig and creates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. func (c *FakeAlertmanagerConfigs) Create(ctx context.Context, alertmanagerConfig *v1beta1.AlertmanagerConfig, opts v1.CreateOptions) (result *v1beta1.AlertmanagerConfig, err error) { + emptyResult := &v1beta1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(alertmanagerconfigsResource, c.ns, alertmanagerConfig), &v1beta1.AlertmanagerConfig{}) + Invokes(testing.NewCreateActionWithOptions(alertmanagerconfigsResource, c.ns, alertmanagerConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1beta1.AlertmanagerConfig), err } // Update takes the representation of a alertmanagerConfig and updates it. Returns the server's representation of the alertmanagerConfig, and an error, if there is any. func (c *FakeAlertmanagerConfigs) Update(ctx context.Context, alertmanagerConfig *v1beta1.AlertmanagerConfig, opts v1.UpdateOptions) (result *v1beta1.AlertmanagerConfig, err error) { + emptyResult := &v1beta1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(alertmanagerconfigsResource, c.ns, alertmanagerConfig), &v1beta1.AlertmanagerConfig{}) + Invokes(testing.NewUpdateActionWithOptions(alertmanagerconfigsResource, c.ns, alertmanagerConfig, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1beta1.AlertmanagerConfig), err } @@ -112,7 +116,7 @@ func (c *FakeAlertmanagerConfigs) Delete(ctx context.Context, name string, opts // DeleteCollection deletes a collection of objects. func (c *FakeAlertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(alertmanagerconfigsResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(alertmanagerconfigsResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1beta1.AlertmanagerConfigList{}) return err @@ -120,11 +124,12 @@ func (c *FakeAlertmanagerConfigs) DeleteCollection(ctx context.Context, opts v1. // Patch applies the patch and returns the patched alertmanagerConfig. func (c *FakeAlertmanagerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.AlertmanagerConfig, err error) { + emptyResult := &v1beta1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagerconfigsResource, c.ns, name, pt, data, subresources...), &v1beta1.AlertmanagerConfig{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagerconfigsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1beta1.AlertmanagerConfig), err } @@ -142,11 +147,12 @@ func (c *FakeAlertmanagerConfigs) Apply(ctx context.Context, alertmanagerConfig if name == nil { return nil, fmt.Errorf("alertmanagerConfig.Name must be provided to Apply") } + emptyResult := &v1beta1.AlertmanagerConfig{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(alertmanagerconfigsResource, c.ns, *name, types.ApplyPatchType, data), &v1beta1.AlertmanagerConfig{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(alertmanagerconfigsResource, c.ns, *name, types.ApplyPatchType, data, opts.ToPatchOptions()), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1beta1.AlertmanagerConfig), err } diff --git a/pkg/k8sutil/k8sutil.go b/pkg/k8sutil/k8sutil.go index 1312c5d626b..e8f563e73fe 100644 --- a/pkg/k8sutil/k8sutil.go +++ b/pkg/k8sutil/k8sutil.go @@ -29,6 +29,7 @@ import ( appsv1 "k8s.io/api/apps/v1" authv1 "k8s.io/api/authorization/v1" v1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -40,6 +41,7 @@ import ( clientappsv1 "k8s.io/client-go/kubernetes/typed/apps/v1" clientauthv1 "k8s.io/client-go/kubernetes/typed/authorization/v1" clientv1 "k8s.io/client-go/kubernetes/typed/core/v1" + clientdiscoveryv1 "k8s.io/client-go/kubernetes/typed/discovery/v1" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/util/retry" @@ -229,16 +231,18 @@ func IsResourceNotFoundError(err error) bool { return false } -func CreateOrUpdateService(ctx context.Context, sclient clientv1.ServiceInterface, svc *v1.Service) error { +func CreateOrUpdateService(ctx context.Context, sclient clientv1.ServiceInterface, svc *v1.Service) (*v1.Service, error) { + var ret *v1.Service + // As stated in the RetryOnConflict's documentation, the returned error shouldn't be wrapped. - return retry.RetryOnConflict(retry.DefaultRetry, func() error { + err := retry.RetryOnConflict(retry.DefaultRetry, func() error { service, err := sclient.Get(ctx, svc.Name, metav1.GetOptions{}) if err != nil { if !apierrors.IsNotFound(err) { return err } - _, err = sclient.Create(ctx, svc, metav1.CreateOptions{}) + ret, err = sclient.Create(ctx, svc, metav1.CreateOptions{}) return err } @@ -251,9 +255,11 @@ func CreateOrUpdateService(ctx context.Context, sclient clientv1.ServiceInterfac svc.SetOwnerReferences(mergeOwnerReferences(service.GetOwnerReferences(), svc.GetOwnerReferences())) mergeMetadata(&svc.ObjectMeta, service.ObjectMeta) - _, err = sclient.Update(ctx, svc, metav1.UpdateOptions{}) + ret, err = sclient.Update(ctx, svc, metav1.UpdateOptions{}) return err }) + + return ret, err } func CreateOrUpdateEndpoints(ctx context.Context, eclient clientv1.EndpointsInterface, eps *v1.Endpoints) error { @@ -276,6 +282,31 @@ func CreateOrUpdateEndpoints(ctx context.Context, eclient clientv1.EndpointsInte }) } +func CreateOrUpdateEndpointSlice(ctx context.Context, c clientdiscoveryv1.EndpointSliceInterface, eps *discoveryv1.EndpointSlice) error { + // As stated in the RetryOnConflict's documentation, the returned error shouldn't be wrapped. + return retry.RetryOnConflict(retry.DefaultRetry, func() error { + if eps.Name == "" { + _, err := c.Create(ctx, eps, metav1.CreateOptions{}) + return err + } + + endpoints, err := c.Get(ctx, eps.Name, metav1.GetOptions{}) + if err != nil { + if !apierrors.IsNotFound(err) { + return err + } + + _, err = c.Create(ctx, eps, metav1.CreateOptions{}) + return err + } + + mergeMetadata(&eps.ObjectMeta, endpoints.ObjectMeta) + + _, err = c.Update(ctx, eps, metav1.UpdateOptions{}) + return err + }) +} + // UpdateStatefulSet merges metadata of existing StatefulSet with new one and updates it. func UpdateStatefulSet(ctx context.Context, sstClient clientappsv1.StatefulSetInterface, sset *appsv1.StatefulSet) error { // As stated in the RetryOnConflict's documentation, the returned error shouldn't be wrapped. @@ -294,6 +325,24 @@ func UpdateStatefulSet(ctx context.Context, sstClient clientappsv1.StatefulSetIn }) } +// UpdateDaemonSet merges metadata of existing DaemonSet with new one and updates it. +func UpdateDaemonSet(ctx context.Context, dmsClient clientappsv1.DaemonSetInterface, dset *appsv1.DaemonSet) error { + // As stated in the RetryOnConflict's documentation, the returned error shouldn't be wrapped. + return retry.RetryOnConflict(retry.DefaultRetry, func() error { + existingDset, err := dmsClient.Get(ctx, dset.Name, metav1.GetOptions{}) + if err != nil { + return err + } + + mergeMetadata(&dset.ObjectMeta, existingDset.ObjectMeta) + // Propagate annotations set by kubectl on spec.template.annotations. e.g performing a rolling restart. + mergeKubectlAnnotations(&existingDset.Spec.Template.ObjectMeta, dset.Spec.Template.ObjectMeta) + + _, err = dmsClient.Update(ctx, dset, metav1.UpdateOptions{}) + return err + }) +} + // CreateOrUpdateSecret merges metadata of existing Secret with new one and updates it. func CreateOrUpdateSecret(ctx context.Context, secretClient clientv1.SecretInterface, desired *v1.Secret) error { // As stated in the RetryOnConflict's documentation, the returned error shouldn't be wrapped. @@ -489,3 +538,31 @@ func mergeMapsByPrefix(from map[string]string, to map[string]string, prefix stri return to } + +func UpdateDNSConfig(podSpec *v1.PodSpec, config *monitoringv1.PodDNSConfig) { + if config == nil { + return + } + + dnsConfig := v1.PodDNSConfig{ + Nameservers: config.Nameservers, + Searches: config.Searches, + } + + for _, opt := range config.Options { + dnsConfig.Options = append(dnsConfig.Options, v1.PodDNSConfigOption{ + Name: opt.Name, + Value: opt.Value, + }) + } + + podSpec.DNSConfig = &dnsConfig +} + +func UpdateDNSPolicy(podSpec *v1.PodSpec, dnsPolicy *monitoringv1.DNSPolicy) { + if dnsPolicy == nil { + return + } + + podSpec.DNSPolicy = v1.DNSPolicy(*dnsPolicy) +} diff --git a/pkg/k8sutil/k8sutil_test.go b/pkg/k8sutil/k8sutil_test.go index 771fc2439de..62a01159bfd 100644 --- a/pkg/k8sutil/k8sutil_test.go +++ b/pkg/k8sutil/k8sutil_test.go @@ -23,9 +23,13 @@ import ( "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/ptr" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) func TestUniqueVolumeName(t *testing.T) { @@ -315,7 +319,7 @@ func TestMergeMetadata(t *testing.T) { _, err := svcClient.Update(context.Background(), modifiedSvc, metav1.UpdateOptions{}) require.NoError(t, err) - err = CreateOrUpdateService(context.Background(), svcClient, service) + _, err = CreateOrUpdateService(context.Background(), svcClient, service) require.NoError(t, err) updatedSvc, err := svcClient.Get(context.Background(), "prometheus-operated", metav1.GetOptions{}) @@ -504,7 +508,8 @@ func TestCreateOrUpdateImmutableFields(t *testing.T) { Status: corev1.ServiceStatus{}, } - require.NoError(t, CreateOrUpdateService(context.TODO(), svcClient, modifiedSvc)) + _, err := CreateOrUpdateService(context.TODO(), svcClient, modifiedSvc) + require.NoError(t, err) require.Equal(t, service.Spec.IPFamilies, modifiedSvc.Spec.IPFamilies, "services Spec.IPFamilies are not equal, expected %q, got %q", service.Spec.IPFamilies, modifiedSvc.Spec.IPFamilies) @@ -519,3 +524,34 @@ func TestCreateOrUpdateImmutableFields(t *testing.T) { service.Spec.IPFamilyPolicy, modifiedSvc.Spec.IPFamilyPolicy) }) } + +func TestConvertToK8sDNSConfig(t *testing.T) { + monitoringDNSConfig := &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + { + Name: "timeout", + Value: ptr.To("1"), + }, + }, + } + + var spec v1.PodSpec + UpdateDNSConfig(&spec, monitoringDNSConfig) + + // Verify the conversion matches the original content + require.Equal(t, monitoringDNSConfig.Nameservers, spec.DNSConfig.Nameservers, "expected nameservers to match") + require.Equal(t, monitoringDNSConfig.Searches, spec.DNSConfig.Searches, "expected searches to match") + + // Check if DNSConfig options match + require.Equal(t, len(monitoringDNSConfig.Options), len(spec.DNSConfig.Options), "expected options length to match") + for i, opt := range monitoringDNSConfig.Options { + require.Equal(t, opt.Name, spec.DNSConfig.Options[i].Name, "expected option names to match") + require.Equal(t, opt.Value, spec.DNSConfig.Options[i].Value, "expected option values to match") + } +} diff --git a/pkg/k8sutil/secrets.go b/pkg/k8sutil/secrets.go index 2a8e2bc1c39..6bf20f7279c 100644 --- a/pkg/k8sutil/secrets.go +++ b/pkg/k8sutil/secrets.go @@ -17,9 +17,8 @@ package k8sutil import ( "context" "fmt" + "log/slog" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -30,7 +29,7 @@ import ( // LoadSecretRef returns the data from a secret key reference. // If the reference is set as optional and the secret or key isn't found, the // function returns no error. -func LoadSecretRef(ctx context.Context, logger log.Logger, client clientv1.SecretInterface, sks *v1.SecretKeySelector) ([]byte, error) { +func LoadSecretRef(ctx context.Context, logger *slog.Logger, client clientv1.SecretInterface, sks *v1.SecretKeySelector) ([]byte, error) { if sks == nil { return nil, nil } @@ -41,7 +40,7 @@ func LoadSecretRef(ctx context.Context, logger log.Logger, client clientv1.Secre secret, err := client.Get(ctx, sks.Name, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) && optional { - level.Debug(logger).Log("msg", fmt.Sprintf("secret %v could not be found", sks.Name)) + logger.Debug(fmt.Sprintf("secret %v could not be found", sks.Name)) return nil, nil } @@ -51,7 +50,7 @@ func LoadSecretRef(ctx context.Context, logger log.Logger, client clientv1.Secre b, found := secret.Data[sks.Key] if !found { if optional { - level.Debug(logger).Log("msg", fmt.Sprintf("secret %v could not be found", sks.Name)) + logger.Debug(fmt.Sprintf("secret %v could not be found", sks.Name)) return nil, nil } diff --git a/pkg/k8sutil/secrets_test.go b/pkg/k8sutil/secrets_test.go index 13e34095df4..ddfa99e5cb6 100644 --- a/pkg/k8sutil/secrets_test.go +++ b/pkg/k8sutil/secrets_test.go @@ -16,9 +16,11 @@ package k8sutil import ( "context" + "log/slog" + "math" + "os" "testing" - "github.com/go-kit/log" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" @@ -39,7 +41,12 @@ func TestLoadSecretRef(t *testing.T) { } sClient := fake.NewSimpleClientset(secret).CoreV1().Secrets("ns") - logger := log.NewNopLogger() + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) for _, tc := range []struct { name string diff --git a/pkg/kubelet/controller.go b/pkg/kubelet/controller.go index 98058c6613c..982ce4d046c 100644 --- a/pkg/kubelet/controller.go +++ b/pkg/kubelet/controller.go @@ -17,31 +17,49 @@ package kubelet import ( "context" "fmt" + "log/slog" + "net" + "slices" "strings" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" v1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" + "k8s.io/utils/ptr" "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) -const resyncPeriod = 3 * time.Minute +const ( + resyncPeriod = 3 * time.Minute + + maxEndpointsPerSlice = 512 + + endpointsLabel = "endpoints" + endpointSliceLabel = "endpointslice" + + httpsPort = int32(10250) + httpsPortName = "https-metrics" + httpPort = int32(10255) + httpPortName = "http-metrics" + cAdvisorPort = int32(4194) + cAdvisorPortName = "cadvisor" +) type Controller struct { - logger log.Logger + logger *slog.Logger kclient kubernetes.Interface nodeAddressLookupErrors prometheus.Counter - nodeEndpointSyncs prometheus.Counter - nodeEndpointSyncErrors prometheus.Counter + nodeEndpointSyncs *prometheus.CounterVec + nodeEndpointSyncErrors *prometheus.CounterVec kubeletObjectName string kubeletObjectNamespace string @@ -50,71 +68,148 @@ type Controller struct { annotations operator.Map labels operator.Map - nodeAddressPriority string + nodeAddressPriority string + maxEndpointsPerSlice int + + manageEndpointSlice bool + manageEndpoints bool +} + +type ControllerOption func(*Controller) + +func WithEndpointSlice() ControllerOption { + return func(c *Controller) { + c.manageEndpointSlice = true + } +} + +func WithMaxEndpointsPerSlice(v int) ControllerOption { + return func(c *Controller) { + c.maxEndpointsPerSlice = v + } +} + +func WithEndpoints() ControllerOption { + return func(c *Controller) { + c.manageEndpoints = true + } +} + +func WithNodeAddressPriority(s string) ControllerOption { + return func(c *Controller) { + c.nodeAddressPriority = s + } } func New( - logger log.Logger, - restConfig *rest.Config, + logger *slog.Logger, + kclient kubernetes.Interface, r prometheus.Registerer, - kubeletObject string, + kubeletServiceName string, + kubeletServiceNamespace string, kubeletSelector operator.LabelSelector, commonAnnotations operator.Map, commonLabels operator.Map, - nodeAddressPriority operator.NodeAddressPriority, + opts ...ControllerOption, ) (*Controller, error) { - client, err := kubernetes.NewForConfig(restConfig) - if err != nil { - return nil, fmt.Errorf("instantiating kubernetes client failed: %w", err) - } - c := &Controller{ - kclient: client, + kclient: kclient, nodeAddressLookupErrors: prometheus.NewCounter(prometheus.CounterOpts{ Name: "prometheus_operator_node_address_lookup_errors_total", Help: "Number of times a node IP address could not be determined", }), - nodeEndpointSyncs: prometheus.NewCounter(prometheus.CounterOpts{ - Name: "prometheus_operator_node_syncs_total", - Help: "Number of node endpoints synchronisations", - }), - nodeEndpointSyncErrors: prometheus.NewCounter(prometheus.CounterOpts{ - Name: "prometheus_operator_node_syncs_failed_total", - Help: "Number of node endpoints synchronisation failures", - }), + nodeEndpointSyncs: prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "prometheus_operator_node_syncs_total", + Help: "Total number of synchronisations for the given resource", + }, + []string{"resource"}, + ), + nodeEndpointSyncErrors: prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "prometheus_operator_node_syncs_failed_total", + Help: "Total number of failed synchronisations for the given resource", + }, + []string{"resource"}, + ), - kubeletSelector: kubeletSelector.String(), + kubeletObjectName: kubeletServiceName, + kubeletObjectNamespace: kubeletServiceNamespace, + kubeletSelector: kubeletSelector.String(), + maxEndpointsPerSlice: maxEndpointsPerSlice, annotations: commonAnnotations, labels: commonLabels, + } + + for _, opt := range opts { + opt(c) + } + + if !c.manageEndpoints && !c.manageEndpointSlice { + return nil, fmt.Errorf("at least one of endpoints or endpointslice needs to be enabled") + } - nodeAddressPriority: nodeAddressPriority.String(), + for _, v := range []string{ + endpointsLabel, + endpointSliceLabel, + } { + c.nodeEndpointSyncs.WithLabelValues(v) + c.nodeEndpointSyncErrors.WithLabelValues(v) } + if r == nil { + r = prometheus.NewRegistry() + } r.MustRegister( c.nodeAddressLookupErrors, c.nodeEndpointSyncs, c.nodeEndpointSyncErrors, + prometheus.NewGaugeFunc( + prometheus.GaugeOpts{ + Name: "prometheus_operator_kubelet_managed_resource", + Help: "", + ConstLabels: prometheus.Labels{ + "resource": endpointsLabel, + }, + }, + func() float64 { + if c.manageEndpoints { + return 1.0 + } + return 0.0 + }, + ), + prometheus.NewGaugeFunc( + prometheus.GaugeOpts{ + Name: "prometheus_operator_kubelet_managed_resource", + Help: "", + ConstLabels: prometheus.Labels{ + "resource": endpointSliceLabel, + }, + }, + func() float64 { + if c.manageEndpointSlice { + return 1.0 + } + return 0.0 + }, + ), ) - parts := strings.Split(kubeletObject, "/") - if len(parts) != 2 { - return nil, fmt.Errorf("malformatted kubelet object string %q, must be in format \"namespace/name\"", kubeletObject) - } - c.kubeletObjectNamespace = parts[0] - c.kubeletObjectName = parts[1] - - c.logger = log.With(logger, "kubelet_object", kubeletObject) + c.logger = logger.With("kubelet_object", fmt.Sprintf("%s/%s", c.kubeletObjectNamespace, c.kubeletObjectName)) return c, nil } func (c *Controller) Run(ctx context.Context) error { + c.logger.Info("Starting controller") + ticker := time.NewTicker(resyncPeriod) defer ticker.Stop() for { - c.syncNodeEndpointsWithLogError(ctx) + c.sync(ctx) select { case <-ctx.Done(): @@ -155,42 +250,167 @@ func (c *Controller) nodeAddress(node v1.Node) (string, map[v1.NodeAddressType][ return "", m, fmt.Errorf("host address unknown") } -func (c *Controller) getNodeAddresses(nodes *v1.NodeList) ([]v1.EndpointAddress, []error) { - addresses := make([]v1.EndpointAddress, 0) - errs := make([]error, 0) +// nodeReadyConditionKnown checks the node for a known Ready condition. If the +// condition is Unknown then that node's kubelet has not recently sent any node +// status, so we should not add this node to the kubelet endpoint and scrape +// it. +func nodeReadyConditionKnown(node v1.Node) bool { + for _, c := range node.Status.Conditions { + if c.Type == v1.NodeReady && c.Status != v1.ConditionUnknown { + return true + } + } + return false +} + +type nodeAddress struct { + apiVersion string + ipAddress string + name string + uid types.UID + ipv4 bool + ready bool +} + +func (na *nodeAddress) discoveryV1Endpoint() discoveryv1.Endpoint { + return discoveryv1.Endpoint{ + Addresses: []string{na.ipAddress}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + NodeName: ptr.To(na.name), + TargetRef: &v1.ObjectReference{ + Kind: "Node", + Name: na.name, + UID: na.uid, + APIVersion: na.apiVersion, + }, + } +} - for _, n := range nodes.Items { +func (na *nodeAddress) v1EndpointAddress() v1.EndpointAddress { + return v1.EndpointAddress{ + IP: na.ipAddress, + NodeName: ptr.To(na.name), + TargetRef: &v1.ObjectReference{ + Kind: "Node", + Name: na.name, + UID: na.uid, + APIVersion: na.apiVersion, + }, + } +} + +func (c *Controller) getNodeAddresses(nodes []v1.Node) ([]nodeAddress, []error) { + var ( + addresses = make([]nodeAddress, 0, len(nodes)) + readyKnownNodes = map[string]string{} + readyUnknownNodes = map[string]string{} + + errs []error + ) + + for _, n := range nodes { address, _, err := c.nodeAddress(n) if err != nil { - errs = append(errs, fmt.Errorf("failed to determine hostname for node (%s): %w", n.Name, err)) + errs = append(errs, fmt.Errorf("failed to determine hostname for node %q (priority: %s): %w", n.Name, c.nodeAddressPriority, err)) continue } - addresses = append(addresses, v1.EndpointAddress{ - IP: address, - TargetRef: &v1.ObjectReference{ - Kind: "Node", - Name: n.Name, - UID: n.UID, - APIVersion: n.APIVersion, - }, - }) + + ip := net.ParseIP(address) + if ip == nil { + errs = append(errs, fmt.Errorf("failed to parse IP address %q for node %q (priority: %s): %w", address, n.Name, c.nodeAddressPriority, err)) + continue + } + + na := nodeAddress{ + ipAddress: address, + name: n.Name, + uid: n.UID, + apiVersion: n.APIVersion, + ipv4: ip.To4() != nil, + ready: nodeReadyConditionKnown(n), + } + addresses = append(addresses, na) + + if !na.ready { + c.logger.Info("Node Ready condition is Unknown", "node", n.GetName()) + readyUnknownNodes[address] = n.Name + continue + } + + readyKnownNodes[address] = n.Name } - return addresses, errs + // We want to remove any nodes that have an unknown ready state *and* a + // duplicate IP address. If this is the case, we want to keep just the node + // with the duplicate IP address that has a known ready state. This also + // ensures that order of addresses are preserved. + addressesFinal := make([]nodeAddress, 0) + for _, address := range addresses { + knownNodeName, foundKnown := readyKnownNodes[address.ipAddress] + _, foundUnknown := readyUnknownNodes[address.ipAddress] + if foundKnown && foundUnknown && address.name != knownNodeName { + continue + } + + addressesFinal = append(addressesFinal, address) + } + + return addressesFinal, errs } -func (c *Controller) syncNodeEndpointsWithLogError(ctx context.Context) { - level.Debug(c.logger).Log("msg", "Synchronizing nodes") +func (c *Controller) sync(ctx context.Context) { + c.logger.Debug("Synchronizing nodes") + + //TODO(simonpasquier): add failed/attempted counters. + nodeList, err := c.kclient.CoreV1().Nodes().List(ctx, metav1.ListOptions{LabelSelector: c.kubeletSelector}) + if err != nil { + c.logger.Error("Failed to list nodes", "err", err) + return + } + + // Sort the nodes slice by their name. + nodes := nodeList.Items + slices.SortStableFunc(nodes, func(a, b v1.Node) int { + return strings.Compare(a.Name, b.Name) + }) + c.logger.Debug("Nodes retrieved from the Kubernetes API", "num_nodes", len(nodes)) + + addresses, errs := c.getNodeAddresses(nodes) + if len(errs) > 0 { + for _, err := range errs { + c.logger.Warn(err.Error()) + } + c.nodeAddressLookupErrors.Add(float64(len(errs))) + } + c.logger.Debug("Nodes converted to endpoint addresses", "num_addresses", len(addresses)) - c.nodeEndpointSyncs.Inc() - err := c.syncNodeEndpoints(ctx) + svc, err := c.syncService(ctx) if err != nil { - c.nodeEndpointSyncErrors.Inc() - level.Error(c.logger).Log("msg", "Failed to synchronize nodes", "err", err) + c.logger.Error("Failed to synchronize kubelet service", "err", err) + } + + if c.manageEndpoints { + c.nodeEndpointSyncs.WithLabelValues(endpointsLabel).Inc() + if err = c.syncEndpoints(ctx, addresses); err != nil { + c.nodeEndpointSyncErrors.WithLabelValues(endpointsLabel).Inc() + c.logger.Error("Failed to synchronize kubelet endpoints", "err", err) + } + } + + if c.manageEndpointSlice { + c.nodeEndpointSyncs.WithLabelValues(endpointSliceLabel).Inc() + if err = c.syncEndpointSlice(ctx, svc, addresses); err != nil { + c.nodeEndpointSyncErrors.WithLabelValues(endpointSliceLabel).Inc() + c.logger.Error("Failed to synchronize kubelet endpointslice", "err", err) + } } } -func (c *Controller) syncNodeEndpoints(ctx context.Context) error { +func (c *Controller) syncEndpoints(ctx context.Context, addresses []nodeAddress) error { + c.logger.Debug("Sync endpoints") + eps := &v1.Endpoints{ ObjectMeta: metav1.ObjectMeta{ Name: c.kubeletObjectName, @@ -203,41 +423,46 @@ func (c *Controller) syncNodeEndpoints(ctx context.Context) error { }, Subsets: []v1.EndpointSubset{ { + Addresses: make([]v1.EndpointAddress, len(addresses)), Ports: []v1.EndpointPort{ { - Name: "https-metrics", - Port: 10250, + Name: httpsPortName, + Port: httpsPort, }, { - Name: "http-metrics", - Port: 10255, + Name: httpPortName, + Port: httpPort, }, { - Name: "cadvisor", - Port: 4194, + Name: cAdvisorPortName, + Port: cAdvisorPort, }, }, }, }, } - nodes, err := c.kclient.CoreV1().Nodes().List(ctx, metav1.ListOptions{LabelSelector: c.kubeletSelector}) - if err != nil { - return fmt.Errorf("listing nodes failed: %w", err) + if c.manageEndpointSlice { + // Tell the endpointslice mirroring controller that it shouldn't manage + // the endpoints object since this controller is in charge. + eps.ObjectMeta.Labels[discoveryv1.LabelSkipMirror] = "true" } - level.Debug(c.logger).Log("msg", "Nodes retrieved from the Kubernetes API", "num_nodes", len(nodes.Items)) + for i, na := range addresses { + eps.Subsets[0].Addresses[i] = na.v1EndpointAddress() + } - addresses, errs := c.getNodeAddresses(nodes) - if len(errs) > 0 { - for _, err := range errs { - level.Warn(c.logger).Log("err", err) - } - c.nodeAddressLookupErrors.Add(float64(len(errs))) + c.logger.Debug("Updating Kubernetes endpoint") + err := k8sutil.CreateOrUpdateEndpoints(ctx, c.kclient.CoreV1().Endpoints(c.kubeletObjectNamespace), eps) + if err != nil { + return err } - level.Debug(c.logger).Log("msg", "Nodes converted to endpoint addresses", "num_addresses", len(addresses)) - eps.Subsets[0].Addresses = addresses + return nil +} + +func (c *Controller) syncService(ctx context.Context) (*v1.Service, error) { + c.logger.Debug("Sync service") svc := &v1.Service{ ObjectMeta: metav1.ObjectMeta{ @@ -251,35 +476,206 @@ func (c *Controller) syncNodeEndpoints(ctx context.Context) error { }, Spec: v1.ServiceSpec{ Type: v1.ServiceTypeClusterIP, - ClusterIP: "None", + ClusterIP: v1.ClusterIPNone, Ports: []v1.ServicePort{ { - Name: "https-metrics", - Port: 10250, + Name: httpsPortName, + Port: httpsPort, }, { - Name: "http-metrics", - Port: 10255, + Name: httpPortName, + Port: httpPort, }, { - Name: "cadvisor", - Port: 4194, + Name: cAdvisorPortName, + Port: cAdvisorPort, }, }, }, } - level.Debug(c.logger).Log("msg", "Updating Kubernetes service", "service") - err = k8sutil.CreateOrUpdateService(ctx, c.kclient.CoreV1().Services(c.kubeletObjectNamespace), svc) + c.logger.Debug("Updating Kubernetes service", "service", c.kubeletObjectName) + return k8sutil.CreateOrUpdateService(ctx, c.kclient.CoreV1().Services(c.kubeletObjectNamespace), svc) +} + +func (c *Controller) syncEndpointSlice(ctx context.Context, svc *v1.Service, addresses []nodeAddress) error { + c.logger.Debug("Sync endpointslice") + + // Get the list of endpointslice objects associated to the service. + client := c.kclient.DiscoveryV1().EndpointSlices(c.kubeletObjectNamespace) + l, err := client.List(ctx, metav1.ListOptions{ + LabelSelector: labels.Set{discoveryv1.LabelServiceName: c.kubeletObjectName}.String(), + }) if err != nil { - return fmt.Errorf("synchronizing kubelet service object failed: %w", err) + return fmt.Errorf("failed to list endpointslice: %w", err) } - level.Debug(c.logger).Log("msg", "Updating Kubernetes endpoint") - err = k8sutil.CreateOrUpdateEndpoints(ctx, c.kclient.CoreV1().Endpoints(c.kubeletObjectNamespace), eps) - if err != nil { - return fmt.Errorf("synchronizing kubelet endpoints object failed: %w", err) + epsl := []discoveryv1.EndpointSlice{} + if len(l.Items) > 0 { + epsl = l.Items + } + + nodeAddressIdx := make(map[string]nodeAddress, len(addresses)) + for _, a := range addresses { + nodeAddressIdx[a.ipAddress] = a + } + + // Iterate over the existing endpoints to update their state or remove them + // if the IP address isn't associated to a node anymore. + for i, eps := range epsl { + endpoints := make([]discoveryv1.Endpoint, 0, len(eps.Endpoints)) + for _, ep := range eps.Endpoints { + if len(ep.Addresses) != 1 { + c.logger.Warn("Got more than 1 address for the endpoint", "name", eps.Name, "num", len(ep.Addresses)) + continue + } + + a, found := nodeAddressIdx[ep.Addresses[0]] + if !found { + // The node doesn't exist anymore. + continue + } + + endpoints = append(endpoints, a.discoveryV1Endpoint()) + delete(nodeAddressIdx, a.ipAddress) + } + + epsl[i].Endpoints = endpoints + } + + // Append new nodes into the existing endpointslices. + for _, a := range addresses { + if _, found := nodeAddressIdx[a.ipAddress]; !found { + // Already processed. + continue + } + + for i := range epsl { + if a.ipv4 != (epsl[i].AddressType == discoveryv1.AddressTypeIPv4) { + // Not the same address type. + continue + } + + if len(epsl[i].Endpoints) >= c.maxEndpointsPerSlice { + // The endpoints slice is full. + continue + } + + epsl[i].Endpoints = append(epsl[i].Endpoints, a.discoveryV1Endpoint()) + delete(nodeAddressIdx, a.ipAddress) + + break + } + } + + // Create new endpointslice object(s) for the new nodes which couldn't be + // appended to the existing endpointslices. + var ( + ipv4Eps *discoveryv1.EndpointSlice + ipv6Eps *discoveryv1.EndpointSlice + ) + for _, a := range addresses { + if _, found := nodeAddressIdx[a.ipAddress]; !found { + // Already processed. + continue + } + + if ipv4Eps != nil && c.fullCapacity(ipv4Eps.Endpoints) { + epsl = append(epsl, *ipv4Eps) + ipv4Eps = nil + } + + if ipv6Eps != nil && c.fullCapacity(ipv6Eps.Endpoints) { + epsl = append(epsl, *ipv6Eps) + ipv6Eps = nil + } + + eps := ipv4Eps + if !a.ipv4 { + eps = ipv6Eps + } + + if eps == nil { + eps = &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: c.kubeletObjectName + "-", + Annotations: c.annotations, + Labels: c.labels.Merge(map[string]string{ + discoveryv1.LabelServiceName: c.kubeletObjectName, + discoveryv1.LabelManagedBy: "prometheus-operator", + "k8s-app": "kubelet", + "app.kubernetes.io/name": "kubelet", + "app.kubernetes.io/managed-by": "prometheus-operator", + }), + OwnerReferences: []metav1.OwnerReference{{ + APIVersion: "v1", + BlockOwnerDeletion: ptr.To(true), + Controller: ptr.To(true), + Kind: "Service", + Name: c.kubeletObjectName, + UID: svc.UID, + }, + }, + }, + Ports: []discoveryv1.EndpointPort{ + { + Name: ptr.To(httpsPortName), + Port: ptr.To(httpsPort), + }, + { + Name: ptr.To(httpPortName), + Port: ptr.To(httpPort), + }, + { + Name: ptr.To(cAdvisorPortName), + Port: ptr.To(cAdvisorPort), + }, + }, + } + + if a.ipv4 { + eps.AddressType = discoveryv1.AddressTypeIPv4 + ipv4Eps = eps + } else { + eps.AddressType = discoveryv1.AddressTypeIPv6 + ipv6Eps = eps + } + } + + eps.Endpoints = append(eps.Endpoints, a.discoveryV1Endpoint()) + delete(nodeAddressIdx, a.ipAddress) + } + + if ipv4Eps != nil { + epsl = append(epsl, *ipv4Eps) + } + + if ipv6Eps != nil { + epsl = append(epsl, *ipv6Eps) + } + + for _, eps := range epsl { + if len(eps.Endpoints) == 0 { + fmt.Println("delete") + c.logger.Debug("Deleting endpointslice object", "name", eps.Name) + err := client.Delete(ctx, eps.Name, metav1.DeleteOptions{}) + if err != nil { + return fmt.Errorf("failed to delete endpoinslice: %w", err) + } + + continue + } + + c.logger.Debug("Updating endpointslice object", "name", eps.Name) + err := k8sutil.CreateOrUpdateEndpointSlice(ctx, client, &eps) + if err != nil { + return fmt.Errorf("failed to update endpoinslice: %w", err) + } } return nil } + +func (c *Controller) fullCapacity(eps []discoveryv1.Endpoint) bool { + return len(eps) >= c.maxEndpointsPerSlice +} diff --git a/pkg/kubelet/controller_test.go b/pkg/kubelet/controller_test.go index 65dcc41ee06..3181b7604e7 100644 --- a/pkg/kubelet/controller_test.go +++ b/pkg/kubelet/controller_test.go @@ -15,34 +15,52 @@ package kubelet import ( + "context" + "fmt" + "log/slog" + "slices" + "strings" "testing" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apiserver/pkg/storage/names" + "k8s.io/client-go/kubernetes/fake" + clientdiscoveryv1 "k8s.io/client-go/kubernetes/typed/discovery/v1" + ktesting "k8s.io/client-go/testing" + + logging "github.com/prometheus-operator/prometheus-operator/internal/log" ) func TestGetNodeAddresses(t *testing.T) { for _, c := range []struct { name string - nodes *v1.NodeList + nodes []v1.Node expectedAddresses []string expectedErrors int }{ { name: "simple", - nodes: &v1.NodeList{ - Items: []v1.Node{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "node-0", + nodes: []v1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-0", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.1", + Type: v1.NodeInternalIP, + }, }, - Status: v1.NodeStatus{ - Addresses: []v1.NodeAddress{ - { - Address: "10.0.0.1", - Type: v1.NodeInternalIP, - }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, }, }, }, @@ -54,31 +72,41 @@ func TestGetNodeAddresses(t *testing.T) { { // Replicates #1815 name: "missing ip on one node", - nodes: &v1.NodeList{ - Items: []v1.Node{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "node-0", + nodes: []v1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-0", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "node-0", + Type: v1.NodeHostName, + }, }, - Status: v1.NodeStatus{ - Addresses: []v1.NodeAddress{ - { - Address: "node-0", - Type: v1.NodeHostName, - }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, }, }, }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "node-1", + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-1", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.1", + Type: v1.NodeInternalIP, + }, }, - Status: v1.NodeStatus{ - Addresses: []v1.NodeAddress{ - { - Address: "10.0.0.1", - Type: v1.NodeInternalIP, - }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, }, }, }, @@ -87,10 +115,139 @@ func TestGetNodeAddresses(t *testing.T) { expectedAddresses: []string{"10.0.0.1"}, expectedErrors: 1, }, + { + name: "not ready node unique ip", + nodes: []v1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-0", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.1", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-1", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.2", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionUnknown, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-2", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.3", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionFalse, + }, + }, + }, + }, + }, + expectedAddresses: []string{"10.0.0.1", "10.0.0.2", "10.0.0.3"}, + expectedErrors: 0, + }, + { + name: "not ready node duplicate ip", + nodes: []v1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-0", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.1", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-1", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.1", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionUnknown, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-2", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "10.0.0.3", + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionFalse, + }, + }, + }, + }, + }, + expectedAddresses: []string{"10.0.0.1", "10.0.0.3"}, + expectedErrors: 0, + }, } { t.Run(c.name, func(t *testing.T) { controller := Controller{ nodeAddressPriority: "internal", + logger: newLogger(), } addrs, errs := controller.getNodeAddresses(c.nodes) @@ -101,39 +258,50 @@ func TestGetNodeAddresses(t *testing.T) { } func TestNodeAddressPriority(t *testing.T) { - nodes := &v1.NodeList{ - Items: []v1.Node{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "node-0", + nodes := []v1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-0", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "192.168.0.100", + Type: v1.NodeInternalIP, + }, + { + Address: "203.0.113.100", + Type: v1.NodeExternalIP, + }, }, - Status: v1.NodeStatus{ - Addresses: []v1.NodeAddress{ - { - Address: "192.168.0.100", - Type: v1.NodeInternalIP, - }, - { - Address: "203.0.113.100", - Type: v1.NodeExternalIP, - }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, }, }, }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "node-1", + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node-1", + Namespace: "abc", + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: "104.27.131.189", + Type: v1.NodeExternalIP, + }, + { + Address: "192.168.1.100", + Type: v1.NodeInternalIP, + }, }, - Status: v1.NodeStatus{ - Addresses: []v1.NodeAddress{ - { - Address: "104.27.131.189", - Type: v1.NodeExternalIP, - }, - { - Address: "192.168.1.100", - Type: v1.NodeInternalIP, - }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, }, }, }, @@ -142,26 +310,277 @@ func TestNodeAddressPriority(t *testing.T) { internalC := Controller{ nodeAddressPriority: "internal", + logger: newLogger(), } actualAddresses, errs := internalC.getNodeAddresses(nodes) require.Empty(t, errs) expectedAddresses := []string{"192.168.0.100", "192.168.1.100"} checkNodeAddresses(t, actualAddresses, expectedAddresses) + checkNodeNames(t, actualAddresses, []string{"node-0", "node-1"}) externalC := Controller{ nodeAddressPriority: "external", + logger: newLogger(), } actualAddresses, errs = externalC.getNodeAddresses(nodes) require.Empty(t, errs) expectedAddresses = []string{"203.0.113.100", "104.27.131.189"} checkNodeAddresses(t, actualAddresses, expectedAddresses) + checkNodeNames(t, actualAddresses, []string{"node-0", "node-1"}) } -func checkNodeAddresses(t *testing.T, actualAddresses []v1.EndpointAddress, expectedAddresses []string) { - ips := make([]string, 0) +func checkNodeNames(t *testing.T, actualAddresses []nodeAddress, expectedNodeNames []string) { + names := make([]string, 0, len(actualAddresses)) for _, addr := range actualAddresses { - ips = append(ips, addr.IP) + names = append(names, addr.name) + } + require.Equal(t, expectedNodeNames, names) +} + +func checkNodeAddresses(t *testing.T, actualAddresses []nodeAddress, expectedAddresses []string) { + ips := make([]string, 0, len(actualAddresses)) + for _, addr := range actualAddresses { + ips = append(ips, addr.ipAddress) } require.Equal(t, expectedAddresses, ips) } + +func TestSync(t *testing.T) { + var ( + ctx = context.Background() + id = int32(0) + fakeClient = fake.NewClientset() + ) + + fakeClient.PrependReactor( + "create", "*", + func(action ktesting.Action) (handled bool, ret runtime.Object, err error) { + ret = action.(ktesting.CreateAction).GetObject() + meta, ok := ret.(metav1.Object) + if !ok { + return + } + + if meta.GetName() == "" && meta.GetGenerateName() != "" { + meta.SetName(names.SimpleNameGenerator.GenerateName(meta.GetGenerateName())) + meta.SetUID(types.UID(string('A' + id))) + id++ + } + + return + }, + ) + + c, err := New( + newLogger(), + fakeClient, + nil, + "kubelet", + "test", + "", + nil, + nil, + WithEndpoints(), WithEndpointSlice(), WithMaxEndpointsPerSlice(2), WithNodeAddressPriority("internal"), + ) + require.NoError(t, err) + + var ( + nclient = c.kclient.CoreV1().Nodes() + sclient = c.kclient.CoreV1().Services(c.kubeletObjectNamespace) + eclient = c.kclient.CoreV1().Endpoints(c.kubeletObjectNamespace) + esclient = c.kclient.DiscoveryV1().EndpointSlices(c.kubeletObjectNamespace) + ) + + t.Run("no nodes", func(t *testing.T) { + c.sync(ctx) + + svc, err := sclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.NotNil(t, svc) + + ep, err := eclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.Len(t, ep.Subsets, 1) + require.Empty(t, ep.Subsets[0].Addresses) + + _ = listEndpointSlices(t, esclient, 0) + }) + + t.Run("add 1 ipv4 node", func(t *testing.T) { + _, _ = nclient.Create(ctx, newNode("node-0", "10.0.0.1"), metav1.CreateOptions{}) + + c.sync(ctx) + + ep, err := eclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.Len(t, ep.Subsets, 1) + require.Len(t, ep.Subsets[0].Addresses, 1) + require.Equal(t, "10.0.0.1", ep.Subsets[0].Addresses[0].IP) + + eps := listEndpointSlices(t, esclient, 1) + require.Equal(t, discoveryv1.AddressType("IPv4"), eps[0].AddressType) + require.Len(t, eps[0].Endpoints, 1) + require.Len(t, eps[0].Endpoints[0].Addresses, 1) + require.Equal(t, "10.0.0.1", eps[0].Endpoints[0].Addresses[0]) + }) + + t.Run("add 4 IPv4 nodes and 1 IPv6 node", func(t *testing.T) { + for _, n := range [][2]string{ + {"node-1", "fc00:f853:ccd:e793::1"}, + {"node-2", "10.0.0.2"}, + {"node-3", "10.0.0.3"}, + {"node-4", "10.0.0.4"}, + {"node-5", "10.0.0.5"}, + } { + _, _ = nclient.Create(ctx, newNode(n[0], n[1]), metav1.CreateOptions{}) + } + + c.sync(ctx) + + ep, err := eclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.Len(t, ep.Subsets[0].Addresses, 6) + for i, a := range []string{ + "10.0.0.1", + "fc00:f853:ccd:e793::1", + "10.0.0.2", + "10.0.0.3", + "10.0.0.4", + "10.0.0.5", + } { + require.Equal(t, a, ep.Subsets[0].Addresses[i].IP) + } + + eps := listEndpointSlices(t, esclient, 4) + + i := 0 + for _, ep := range eps { + if ep.AddressType == discoveryv1.AddressType("IPv6") { + require.Len(t, ep.Endpoints, 1) + require.Len(t, ep.Endpoints[0].Addresses, 1) + require.Equal(t, "fc00:f853:ccd:e793::1", ep.Endpoints[0].Addresses[0]) + + continue + } + + switch i { + case 0: + require.Len(t, ep.Endpoints, 2) + require.Equal(t, "10.0.0.1", ep.Endpoints[0].Addresses[0]) + require.Equal(t, "10.0.0.2", ep.Endpoints[1].Addresses[0]) + case 1: + require.Len(t, ep.Endpoints, 2) + require.Equal(t, "10.0.0.3", ep.Endpoints[0].Addresses[0]) + require.Equal(t, "10.0.0.4", ep.Endpoints[1].Addresses[0]) + case 2: + require.Len(t, ep.Endpoints, 1) + require.Equal(t, "10.0.0.5", ep.Endpoints[0].Addresses[0]) + } + i++ + } + }) + + t.Run("delete 1 IPv4 node and 1 IPv6 node", func(t *testing.T) { + for _, n := range []string{"node-1", "node-3"} { + _ = nclient.Delete(ctx, n, metav1.DeleteOptions{}) + } + + c.sync(ctx) + + ep, err := eclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.Len(t, ep.Subsets[0].Addresses, 4) + for i, a := range []string{ + "10.0.0.1", + "10.0.0.2", + "10.0.0.4", + "10.0.0.5", + } { + require.Equal(t, a, ep.Subsets[0].Addresses[i].IP) + } + + eps := listEndpointSlices(t, esclient, 3) + + for i, ep := range eps { + require.Equal(t, discoveryv1.AddressType("IPv4"), ep.AddressType) + + switch i { + case 0: + require.Len(t, ep.Endpoints, 2) + require.Equal(t, "10.0.0.1", ep.Endpoints[0].Addresses[0]) + require.Equal(t, "10.0.0.2", ep.Endpoints[1].Addresses[0]) + case 1: + require.Len(t, ep.Endpoints, 1) + require.Equal(t, "10.0.0.4", ep.Endpoints[0].Addresses[0]) + case 2: + require.Len(t, ep.Endpoints, 1) + require.Equal(t, "10.0.0.5", ep.Endpoints[0].Addresses[0]) + } + } + }) + + t.Run("delete all nodes", func(t *testing.T) { + for _, n := range []string{"node-0", "node-2", "node-4", "node-5"} { + _ = nclient.Delete(ctx, n, metav1.DeleteOptions{}) + } + + c.sync(ctx) + + ep, err := eclient.Get(ctx, c.kubeletObjectName, metav1.GetOptions{}) + require.NoError(t, err) + require.Empty(t, ep.Subsets[0].Addresses) + + _ = listEndpointSlices(t, esclient, 0) + }) +} + +func newNode(name, address string) *v1.Node { + return &v1.Node{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + UID: types.UID(name + "-" + address), + }, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Address: address, + Type: v1.NodeInternalIP, + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, + }, + }, + }, + } +} + +func listEndpointSlices(t *testing.T, c clientdiscoveryv1.EndpointSliceInterface, expected int) []discoveryv1.EndpointSlice { + t.Helper() + + eps, err := c.List(context.Background(), metav1.ListOptions{}) + require.NoError(t, err) + require.Len(t, eps.Items, expected) + + slices.SortStableFunc(eps.Items, func(a, b discoveryv1.EndpointSlice) int { + return strings.Compare(string(a.UID), string(b.UID)) + }) + + return eps.Items +} + +func newLogger() *slog.Logger { + l, err := logging.NewLoggerSlog(logging.Config{ + Level: logging.LevelWarn, + Format: logging.FormatLogFmt, + }) + + if err != nil { + panic(fmt.Sprintf("failed to create logger: %v", err)) + } + + return l +} diff --git a/pkg/listwatch/listwatch.go b/pkg/listwatch/listwatch.go index 3ebb3f19afd..13b552f0b42 100644 --- a/pkg/listwatch/listwatch.go +++ b/pkg/listwatch/listwatch.go @@ -18,25 +18,26 @@ import ( "context" "crypto/rand" "fmt" + "log/slog" + "math" "math/big" + "os" "sort" "strings" "time" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/version" "k8s.io/apimachinery/pkg/watch" authv1 "k8s.io/client-go/kubernetes/typed/authorization/v1" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/cache" + "github.com/prometheus-operator/prometheus-operator/internal/util" "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" ) @@ -60,14 +61,19 @@ const ( // the given denied namespaces are applied. func NewNamespaceListWatchFromClient( ctx context.Context, - l log.Logger, - k8sVersion version.Info, + l *slog.Logger, + k8sVersion semver.Version, corev1Client corev1.CoreV1Interface, ssarClient authv1.SelfSubjectAccessReviewInterface, allowedNamespaces, deniedNamespaces map[string]struct{}, ) (cache.ListerWatcher, bool, error) { if l == nil { - l = log.NewNopLogger() + l = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) } listWatchAllowed, reasons, err := k8sutil.IsAllowed( @@ -84,13 +90,7 @@ func NewNamespaceListWatchFromClient( } // The "kubernetes.io/metadata.name" label is GA since Kubernetes 1.22. - var metadataNameLabelSupported bool - v, err := semver.ParseTolerant(k8sVersion.String()) - if err != nil { - level.Warn(l).Log("msg", "failed to parse Kubernetes version", "version", k8sVersion.String(), "err", err) - } else { - metadataNameLabelSupported = v.GTE(semver.MustParse("1.22.0")) - } + metadataNameLabelSupported := k8sVersion.GTE(semver.MustParse("1.22.0")) if IsAllNamespaces(allowedNamespaces) { if !listWatchAllowed { @@ -122,7 +122,7 @@ func NewNamespaceListWatchFromClient( } if listWatchAllowed && metadataNameLabelSupported { - level.Debug(l).Log("msg", "using privileged namespace lister/watcher") + l.Debug("using privileged namespace lister/watcher") return cache.NewFilteredListWatchFromClient( corev1Client.RESTClient(), "namespaces", @@ -162,7 +162,7 @@ func NewNamespaceListWatchFromClient( err = fmt.Errorf("%w: %w", err, r) } - level.Warn(l).Log("msg", "the operator lacks required permissions which may result in degraded functionalities", "err", err) + l.Warn("the operator lacks required permissions which may result in degraded functionalities", "err", err) } var namespaces []string @@ -209,12 +209,6 @@ func TweakByLabel(options *metav1.ListOptions, label string, filter FilterType, return } - var labels []string - for value := range valueSet { - labels = append(labels, value) - } - sort.Strings(labels) - var op string switch filter { case IncludeFilterType: @@ -224,7 +218,7 @@ func TweakByLabel(options *metav1.ListOptions, label string, filter FilterType, default: panic(fmt.Sprintf("unsupported filter: %q", filter)) } - selectors := []string{fmt.Sprintf("%s %s (%s)", label, op, strings.Join(labels, ","))} + selectors := []string{fmt.Sprintf("%s %s (%s)", label, op, strings.Join(util.SortedKeys(valueSet), ","))} if options.LabelSelector != "" { selectors = append(selectors, options.LabelSelector) @@ -258,7 +252,7 @@ type pollBasedListerWatcher struct { ch chan watch.Event ctx context.Context - l log.Logger + l *slog.Logger cache map[string]cacheEntry } @@ -271,9 +265,14 @@ type cacheEntry struct { var _ = watch.Interface(&pollBasedListerWatcher{}) var _ = cache.ListerWatcher(&pollBasedListerWatcher{}) -func newPollBasedListerWatcher(ctx context.Context, l log.Logger, corev1Client corev1.CoreV1Interface, namespaces []string) *pollBasedListerWatcher { +func newPollBasedListerWatcher(ctx context.Context, l *slog.Logger, corev1Client corev1.CoreV1Interface, namespaces []string) *pollBasedListerWatcher { if l == nil { - l = log.NewNopLogger() + l = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) } pblw := &pollBasedListerWatcher{ @@ -298,7 +297,7 @@ func (pblw *pollBasedListerWatcher) List(_ metav1.ListOptions) (runtime.Object, result, err := pblw.corev1Client.Namespaces().Get(pblw.ctx, ns, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { - level.Info(pblw.l).Log("msg", "namespace not found", "namespace", ns) + pblw.l.Info("namespace not found", "namespace", ns) continue } @@ -327,7 +326,7 @@ func (pblw *pollBasedListerWatcher) ResultChan() <-chan watch.Event { if err == nil { time.Sleep(time.Duration(jitter.Int64())) } else { - level.Info(pblw.l).Log("msg", "failed to generate random jitter", "err", err) + pblw.l.Info("failed to generate random jitter", "err", err) } _ = wait.PollUntilContextCancel(pblw.ctx, pollInterval, false, pblw.poll) @@ -351,7 +350,7 @@ func (pblw *pollBasedListerWatcher) poll(ctx context.Context) (bool, error) { deleted = append(deleted, ns) } default: - level.Warn(pblw.l).Log("msg", "watch error", "err", err, "namespace", ns) + pblw.l.Warn("watch error", "err", err, "namespace", ns) } continue } diff --git a/pkg/listwatch/namespace_denylist.go b/pkg/listwatch/namespace_denylist.go index 30d09a5587c..62ded0b3e88 100644 --- a/pkg/listwatch/namespace_denylist.go +++ b/pkg/listwatch/namespace_denylist.go @@ -16,9 +16,8 @@ package listwatch import ( "fmt" + "log/slog" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -33,13 +32,13 @@ import ( type denylistListerWatcher struct { denylist map[string]struct{} next cache.ListerWatcher - logger log.Logger + logger *slog.Logger } // newDenylistListerWatcher creates a cache.ListerWatcher // wrapping the given next cache.ListerWatcher // filtering lists and watch events by the given namespaces. -func newDenylistListerWatcher(l log.Logger, namespaces map[string]struct{}, next cache.ListerWatcher) cache.ListerWatcher { +func newDenylistListerWatcher(l *slog.Logger, namespaces map[string]struct{}, next cache.ListerWatcher) cache.ListerWatcher { if len(namespaces) == 0 { return next } @@ -55,44 +54,42 @@ func newDenylistListerWatcher(l log.Logger, namespaces map[string]struct{}, next // but filtering denied namespaces from the result. func (w *denylistListerWatcher) List(options metav1.ListOptions) (runtime.Object, error) { var ( - l = metav1.List{} - errL = level.Error(w.logger) - debugL = level.Debug(w.logger) + l = metav1.List{} ) list, err := w.next.List(options) if err != nil { - errL.Log("msg", "error listing", "err", err) + w.logger.Error("error listing", "err", err) return nil, err } objs, err := meta.ExtractList(list) if err != nil { - errL.Log("msg", "error extracting list", "err", err) + w.logger.Error("error extracting list", "err", err) return nil, err } metaObj, err := meta.ListAccessor(list) if err != nil { - errL.Log("msg", "error getting list accessor", "err", err) + w.logger.Error("error getting list accessor", "err", err) return nil, err } for _, obj := range objs { acc, err := meta.Accessor(obj) if err != nil { - errL.Log("msg", "error getting meta accessor accessor", "obj", fmt.Sprintf("%v", obj), "err", err) + w.logger.Error("error getting meta accessor accessor", "obj", fmt.Sprintf("%v", obj), "err", err) return nil, err } - debugDetailed := log.With(debugL, "selflink", acc.GetSelfLink()) + debugDetailed := w.logger.With("selflink", acc.GetSelfLink()) if _, denied := w.denylist[getNamespace(acc)]; denied { - debugDetailed.Log("msg", "denied") + debugDetailed.Debug("denied") continue } - debugDetailed.Log("msg", "allowed") + debugDetailed.Debug("allowed") l.Items = append(l.Items, runtime.RawExtension{Object: obj.DeepCopyObject()}) } @@ -118,17 +115,15 @@ func (w *denylistListerWatcher) Watch(options metav1.ListOptions) (watch.Interfa // It starts a new goroutine until either // a) the result channel of the wrapped next watcher is closed, or // b) Stop() was invoked on the returned watcher. -func newDenylistWatch(l log.Logger, denylist map[string]struct{}, next watch.Interface) watch.Interface { +func newDenylistWatch(l *slog.Logger, denylist map[string]struct{}, next watch.Interface) watch.Interface { var ( - result = make(chan watch.Event) - proxy = watch.NewProxyWatcher(result) - debug = level.Debug(l) - warning = level.Warn(l) + result = make(chan watch.Event) + proxy = watch.NewProxyWatcher(result) ) go func() { defer func() { - debug.Log("msg", "stopped denylist watcher") + l.Debug("stopped denylist watcher") // According to watch.Interface the result channel is supposed to be called // in case of error or if the listwach is closed, see [1]. // @@ -140,7 +135,7 @@ func newDenylistWatch(l log.Logger, denylist map[string]struct{}, next watch.Int select { case event, ok := <-next.ResultChan(): if !ok { - debug.Log("msg", "result channel closed") + l.Debug("result channel closed") return } @@ -148,21 +143,21 @@ func newDenylistWatch(l log.Logger, denylist map[string]struct{}, next watch.Int if err != nil { // ignore this event, it doesn't implement the metav1.Object interface, // hence we cannot determine its namespace. - warning.Log("msg", fmt.Sprintf("unexpected object type in event (%T): %v", event.Object, event.Object)) + l.Warn(fmt.Sprintf("unexpected object type in event (%T): %v", event.Object, event.Object)) continue } - debugDetailed := log.With(debug, "selflink", acc.GetSelfLink()) + debugDetailed := l.With("selflink", acc.GetSelfLink()) if _, denied := denylist[getNamespace(acc)]; denied { - debugDetailed.Log("msg", "denied") + debugDetailed.Debug("denied") continue } - debugDetailed.Log("msg", "allowed") + debugDetailed.Debug("allowed") select { case result <- event: - debugDetailed.Log("msg", "dispatched") + debugDetailed.Debug("dispatched") case <-proxy.StopChan(): next.Stop() return diff --git a/pkg/listwatch/namespace_denylist_test.go b/pkg/listwatch/namespace_denylist_test.go index 2629652f483..fa8da66fc19 100644 --- a/pkg/listwatch/namespace_denylist_test.go +++ b/pkg/listwatch/namespace_denylist_test.go @@ -15,10 +15,12 @@ package listwatch import ( + "log/slog" + "math" + "os" "reflect" "testing" - "github.com/go-kit/log" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -76,7 +78,12 @@ func namespaces(ns ...string) map[string]struct{} { } func TestDenylistList(t *testing.T) { - logger := log.NewNopLogger() + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) cases := []struct { name string @@ -202,7 +209,12 @@ func TestDenylistList(t *testing.T) { } func TestDenylistWatch(t *testing.T) { - logger := log.NewNopLogger() + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) cases := []struct { name string diff --git a/pkg/operator/accessor.go b/pkg/operator/accessor.go index afe866a81a9..aeed203b24f 100644 --- a/pkg/operator/accessor.go +++ b/pkg/operator/accessor.go @@ -15,8 +15,8 @@ package operator import ( - "github.com/go-kit/log" - "github.com/go-kit/log/level" + "log/slog" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" @@ -24,10 +24,10 @@ import ( // Accessor can manipulate objects returned by informers and handlers. type Accessor struct { - logger log.Logger + logger *slog.Logger } -func NewAccessor(l log.Logger) *Accessor { +func NewAccessor(l *slog.Logger) *Accessor { return &Accessor{ logger: l, } @@ -39,7 +39,7 @@ func NewAccessor(l log.Logger) *Accessor { func (a *Accessor) MetaNamespaceKey(obj interface{}) (string, bool) { k, err := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) if err != nil { - level.Error(a.logger).Log("msg", "failed to retrieve object's key", "err", err) + a.logger.Error("failed to retrieve object's key", "err", err) return k, false } @@ -56,7 +56,7 @@ func (a *Accessor) ObjectMetadata(obj interface{}) (metav1.Object, bool) { o, err := meta.Accessor(obj) if err != nil { - level.Error(a.logger).Log("msg", "get object failed", "err", err) + a.logger.Error("get object failed", "err", err) return nil, false } return o, true diff --git a/pkg/operator/config.go b/pkg/operator/config.go index 3ac32e79947..9cee9c10f23 100644 --- a/pkg/operator/config.go +++ b/pkg/operator/config.go @@ -21,19 +21,19 @@ import ( "sort" "strings" + "github.com/blang/semver/v4" "golang.org/x/exp/maps" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/version" k8sflag "k8s.io/component-base/cli/flag" ) // Config defines configuration parameters for the Operator. type Config struct { // Version reported by the Kubernetes API. - KubernetesVersion version.Info + KubernetesVersion semver.Version // Cluster domain for Kubernetes services managed by the operator. ClusterDomain string @@ -57,14 +57,18 @@ type Config struct { LocalHost string // Label and field selectors for resource watchers. - PromSelector LabelSelector - AlertmanagerSelector LabelSelector - ThanosRulerSelector LabelSelector - SecretListWatchSelector FieldSelector + PromSelector LabelSelector + AlertmanagerSelector LabelSelector + ThanosRulerSelector LabelSelector + SecretListWatchFieldSelector FieldSelector + SecretListWatchLabelSelector LabelSelector // Controller id for pod ownership. ControllerID string + // Event recorder factory. + EventRecorderFactory EventRecorderFactory + // Feature gates. Gates *FeatureGates } diff --git a/pkg/operator/config_reloader.go b/pkg/operator/config_reloader.go index 898acb4c2ac..43711f856f9 100644 --- a/pkg/operator/config_reloader.go +++ b/pkg/operator/config_reloader.go @@ -179,10 +179,13 @@ func ImagePullPolicy(imagePullPolicy v1.PullPolicy) ReloaderOption { } } -// WithNodeNameEnv sets the withNodeNameEnv option for the config-reloader container. -func WithNodeNameEnv() ReloaderOption { +// DaemonSet sets the options that work for DaemonSet mode. +// Currently we set SHARD env equal to 0, eventhough DaemonSet doesn't use this env. +// TODO: Remove SHARD env for DaemonSet mode. +func WithDaemonSetMode() ReloaderOption { return func(c *ConfigReloader) { c.withNodeNameEnv = true + c.shard = ptr.To(int32(0)) } } diff --git a/pkg/operator/config_reloader_test.go b/pkg/operator/config_reloader_test.go index c4c7a7b1359..817c7ebb00f 100644 --- a/pkg/operator/config_reloader_test.go +++ b/pkg/operator/config_reloader_test.go @@ -164,16 +164,8 @@ func TestCreateConfigReloader(t *testing.T) { WebConfigFile(webConfigFile), Shard(shard), ImagePullPolicy(expectedImagePullPolicy), - WithNodeNameEnv(), ) - assert.Contains(t, container.Env, v1.EnvVar{ - Name: NodeNameEnvVar, - ValueFrom: &v1.EnvVarSource{ - FieldRef: &v1.ObjectFieldSelector{FieldPath: "spec.nodeName"}, - }, - }) - if container.Name != "config-reloader" { t.Errorf("Expected container name %s, but found %s", containerName, container.Name) } @@ -227,6 +219,25 @@ func TestCreateConfigReloader(t *testing.T) { } } +func TestCreateConfigReloaderForDaemonSet(t *testing.T) { + var container = CreateConfigReloader( + "config-reloader", + WithDaemonSetMode(), + ) + + assert.Contains(t, container.Env, v1.EnvVar{ + Name: NodeNameEnvVar, + ValueFrom: &v1.EnvVarSource{ + FieldRef: &v1.ObjectFieldSelector{FieldPath: "spec.nodeName"}, + }, + }) + + assert.Contains(t, container.Env, v1.EnvVar{ + Name: ShardEnvVar, + Value: strconv.Itoa(0), + }) +} + func contains(s []string, str string) bool { for _, v := range s { if v == str { diff --git a/pkg/operator/defaults.go b/pkg/operator/defaults.go index 0d085740528..6c991dae6cd 100644 --- a/pkg/operator/defaults.go +++ b/pkg/operator/defaults.go @@ -25,7 +25,7 @@ const ( DefaultAlertmanagerImage = DefaultAlertmanagerBaseImage + ":" + DefaultAlertmanagerVersion // DefaultThanosVersion is a default image tag for the Thanos long-term prometheus storage collector. - DefaultThanosVersion = "v0.35.1" + DefaultThanosVersion = "v0.36.1" // DefaultThanosBaseImage is a base container registry address for the Thanos long-term prometheus // storage collector. DefaultThanosBaseImage = "quay.io/thanos/thanos" @@ -36,6 +36,8 @@ const ( var ( // DefaultPrometheusVersion is a default image tag for the prometheus. DefaultPrometheusVersion = PrometheusCompatibilityMatrix[len(PrometheusCompatibilityMatrix)-1] + // DefaultPrometheusExperimentalVersion is a default image tag for the prometheus experimental version (like Prometheus 3 beta). + DefaultPrometheusExperimentalVersion = PrometheusExperimentalVersions[len(PrometheusExperimentalVersions)-1] // DefaultPrometheusBaseImage is a base container registry address for the prometheus. DefaultPrometheusBaseImage = "quay.io/prometheus/prometheus" // DefaultPrometheusImage is a default image pulling address for the prometheus. @@ -90,6 +92,18 @@ var ( "v2.51.1", "v2.51.2", "v2.52.0", + "v2.52.1", "v2.53.0", + "v2.53.1", + "v2.54.0", + "v2.54.1", + "v2.55.0", + } + + // Note: Issues in this version won't be supported by operator till its stable + // This is only added for users to try the unstable versions. + PrometheusExperimentalVersions = []string{ + "v3.0.0-beta.0", + "v3.0.0-beta.1", } ) diff --git a/pkg/operator/event_handler.go b/pkg/operator/event_handler.go index d08f913cb86..d3ced1f6872 100644 --- a/pkg/operator/event_handler.go +++ b/pkg/operator/event_handler.go @@ -16,15 +16,14 @@ package operator import ( "fmt" + "log/slog" - "github.com/go-kit/log" - "github.com/go-kit/log/level" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // EventHandler implements the k8s.io/tools/cache.ResourceEventHandler interface. type EventHandler struct { - logger log.Logger + logger *slog.Logger accessor *Accessor metrics *Metrics @@ -33,7 +32,7 @@ type EventHandler struct { } func NewEventHandler( - logger log.Logger, + logger *slog.Logger, accessor *Accessor, metrics *Metrics, objName string, @@ -51,7 +50,7 @@ func NewEventHandler( func (e *EventHandler) OnAdd(obj interface{}, _ bool) { o, ok := e.accessor.ObjectMetadata(obj) if ok { - level.Debug(e.logger).Log("msg", fmt.Sprintf("%s added", e.objName)) + e.logger.Debug(fmt.Sprintf("%s added", e.objName)) e.metrics.TriggerByCounter(e.objName, AddEvent).Inc() e.enqueueFunc(o.GetNamespace()) } @@ -63,7 +62,7 @@ func (e *EventHandler) OnUpdate(old, cur interface{}) { } if o, ok := e.accessor.ObjectMetadata(cur); ok { - level.Debug(e.logger).Log("msg", fmt.Sprintf("%s updated", e.objName)) + e.logger.Debug(fmt.Sprintf("%s updated", e.objName)) e.metrics.TriggerByCounter(e.objName, UpdateEvent) e.enqueueFunc(o.GetNamespace()) } @@ -71,7 +70,7 @@ func (e *EventHandler) OnUpdate(old, cur interface{}) { func (e *EventHandler) OnDelete(obj interface{}) { if o, ok := e.accessor.ObjectMetadata(obj); ok { - level.Debug(e.logger).Log("msg", fmt.Sprintf("%s deleted", e.objName)) + e.logger.Debug(fmt.Sprintf("%s deleted", e.objName)) e.metrics.TriggerByCounter(e.objName, DeleteEvent).Inc() e.enqueueFunc(o.GetNamespace()) } diff --git a/pkg/operator/factory.go b/pkg/operator/factory.go index af73149ce96..4e596413003 100644 --- a/pkg/operator/factory.go +++ b/pkg/operator/factory.go @@ -15,6 +15,8 @@ package operator import ( + "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/utils/ptr" @@ -106,6 +108,39 @@ func WithAnnotations(annotations map[string]string) ObjectOption { } } +// InputHashAnnotationName is the name of the annotation used to store the +// operator's computed hash value. +const InputHashAnnotationName = "prometheus-operator-input-hash" + +// WithInputHashAnnotation records the given hash string in the object's +// annotations. +func WithInputHashAnnotation(h string) ObjectOption { + return func(o metav1.Object) { + a := o.GetAnnotations() + if a == nil { + a = map[string]string{} + } + a[InputHashAnnotationName] = h + o.SetAnnotations(a) + } +} + +// WithoutKubectlAnnotations removes kubectl annotations inherited from the +// governing object. Otherwise the managed object might be deleted when +// "kubectl apply --prune" is run against the governing object. +func WithoutKubectlAnnotations() ObjectOption { + return func(o metav1.Object) { + a := make(map[string]string, len(o.GetAnnotations())) + for k, v := range o.GetAnnotations() { + if !strings.HasPrefix(k, "kubectl.kubernetes.io/") { + a[k] = v + } + } + + o.SetAnnotations(a) + } +} + // UpdateObject updates the object with the provided options. func UpdateObject(o metav1.Object, opts ...ObjectOption) { WithLabels(map[string]string{managedByOperatorLabel: managedByOperatorLabelValue})(o) diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 9e94e26c3bd..f3def25ee69 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -17,11 +17,10 @@ package operator import ( "context" "fmt" + "log/slog" "sync" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" @@ -431,7 +430,7 @@ func SanitizeSTS(sts *appsv1.StatefulSet) { // than 1 minute, it means that something is stuck and the message will // indicate to the admin which informer is the culprit. // See https://github.com/prometheus-operator/prometheus-operator/issues/3347. -func WaitForNamedCacheSync(ctx context.Context, controllerName string, logger log.Logger, inf cache.SharedIndexInformer) bool { +func WaitForNamedCacheSync(ctx context.Context, controllerName string, logger *slog.Logger, inf cache.SharedIndexInformer) bool { ctx, cancel := context.WithTimeout(ctx, 10*time.Minute) defer cancel() @@ -442,7 +441,7 @@ func WaitForNamedCacheSync(ctx context.Context, controllerName string, logger lo for { select { case <-t.C: - level.Warn(logger).Log("msg", "cache sync not yet completed") + logger.Warn("cache sync not yet completed") case <-ctx.Done(): return } @@ -451,9 +450,9 @@ func WaitForNamedCacheSync(ctx context.Context, controllerName string, logger lo ok := cache.WaitForNamedCacheSync(controllerName, ctx.Done(), inf.HasSynced) if !ok { - level.Error(logger).Log("msg", "failed to sync cache") + logger.Error("failed to sync cache") } else { - level.Debug(logger).Log("msg", "successfully synced cache") + logger.Debug("successfully synced cache") } return ok diff --git a/pkg/operator/resource_reconciler.go b/pkg/operator/resource_reconciler.go index eef596a53c3..f15d2a46485 100644 --- a/pkg/operator/resource_reconciler.go +++ b/pkg/operator/resource_reconciler.go @@ -17,32 +17,38 @@ package operator import ( "context" "fmt" + "log/slog" "reflect" "strings" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" "golang.org/x/sync/errgroup" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/tools/cache" "k8s.io/client-go/util/workqueue" + "k8s.io/utils/ptr" ) -// Syncer knows how to synchronize statefulset-based resources. +// Syncer knows how to synchronize statefulset-based or daemonset-based resources. type Syncer interface { // Sync the state of the object identified by its key. Sync(context.Context, string) error // UpdateStatus updates the status of the object identified by its key. UpdateStatus(context.Context, string) error - // Resolve returns the resource associated to the statefulset. - Resolve(*appsv1.StatefulSet) metav1.Object +} + +// OwnedResourceOwner returns an object from its "/" key. +type OwnedResourceOwner interface { + Get(string) (runtime.Object, error) } // ReconcilerMetrics tracks reconciler metrics. @@ -58,18 +64,19 @@ type ReconcilerMetrics interface { // // var statefulSetInformer, resourceInformer cache.SharedInformer // ... -// rr := NewResourceReconciler(...) +// rr := NewResourceReconciler(..., "Prometheus", ...) // statefulSetInformer.AddEventHandler(rr) // resourceInformer.AddEventHandler(rr) // // ResourceReconciler will trigger object and status reconciliations based on // the events received from the informer. type ResourceReconciler struct { - logger log.Logger + logger *slog.Logger resourceKind string syncer Syncer + getter OwnedResourceOwner reconcileTotal prometheus.Counter reconcileErrors prometheus.Counter @@ -80,9 +87,9 @@ type ResourceReconciler struct { metrics ReconcilerMetrics // Queue to trigger state reconciliations of objects. - reconcileQ workqueue.RateLimitingInterface + reconcileQ workqueue.TypedRateLimitingInterface[string] // Queue to trigger status updates of Prometheus objects. - statusQ workqueue.RateLimitingInterface + statusQ workqueue.TypedRateLimitingInterface[string] g errgroup.Group @@ -99,8 +106,9 @@ const ( // NewResourceReconciler returns a reconciler for the "kind" resource. func NewResourceReconciler( - l log.Logger, + l *slog.Logger, syncer Syncer, + getter OwnedResourceOwner, metrics ReconcilerMetrics, kind string, reg prometheus.Registerer, @@ -136,6 +144,7 @@ func NewResourceReconciler( qname := strings.ToLower(kind) + // TODO: Support reconciling metrics for DaemonSet resource for _, t := range []string{"StatefulSet", kind} { for _, e := range []HandlerEvent{AddEvent, DeleteEvent, UpdateEvent} { metrics.TriggerByCounter(t, e) @@ -146,6 +155,7 @@ func NewResourceReconciler( logger: l, resourceKind: kind, syncer: syncer, + getter: getter, reconcileTotal: reconcileTotal, reconcileErrors: reconcileErrors, @@ -155,16 +165,15 @@ func NewResourceReconciler( metrics: metrics, controllerID: controllerID, - reconcileQ: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), qname), - statusQ: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), qname+"_status"), + reconcileQ: workqueue.NewTypedRateLimitingQueueWithConfig[string](workqueue.DefaultTypedControllerRateLimiter[string](), workqueue.TypedRateLimitingQueueConfig[string]{Name: qname}), + statusQ: workqueue.NewTypedRateLimitingQueueWithConfig[string](workqueue.DefaultTypedControllerRateLimiter[string](), workqueue.TypedRateLimitingQueueConfig[string]{Name: qname + "_status"}), } } // DeletionInProgress returns true if the object deletion has been requested. func (rr *ResourceReconciler) DeletionInProgress(o metav1.Object) bool { if o.GetDeletionTimestamp() != nil { - level.Debug(rr.logger).Log( - "msg", "object deletion in progress", + rr.logger.Debug("object deletion in progress", "object", fmt.Sprintf("%s/%s", o.GetNamespace(), o.GetName()), ) return true @@ -175,8 +184,7 @@ func (rr *ResourceReconciler) DeletionInProgress(o metav1.Object) bool { // hasObjectChanged returns true if the objects have different resource revisions. func (rr *ResourceReconciler) hasObjectChanged(old, cur metav1.Object) bool { if old.GetResourceVersion() != cur.GetResourceVersion() { - level.Debug(rr.logger).Log( - "msg", "different resource versions", + rr.logger.Debug("different resource versions", "current", cur.GetResourceVersion(), "old", old.GetResourceVersion(), "object", fmt.Sprintf("%s/%s", cur.GetNamespace(), cur.GetName()), @@ -193,8 +201,7 @@ func (rr *ResourceReconciler) hasObjectChanged(old, cur metav1.Object) bool { // subresource for instance. func (rr *ResourceReconciler) hasStateChanged(old, cur metav1.Object) bool { if old.GetGeneration() != cur.GetGeneration() { - level.Debug(rr.logger).Log( - "msg", "different generations", + rr.logger.Debug("different generations", "current", cur.GetGeneration(), "old", old.GetGeneration(), "object", fmt.Sprintf("%s/%s", cur.GetNamespace(), cur.GetName()), @@ -203,8 +210,7 @@ func (rr *ResourceReconciler) hasStateChanged(old, cur metav1.Object) bool { } if !reflect.DeepEqual(old.GetLabels(), cur.GetLabels()) { - level.Debug(rr.logger).Log( - "msg", "different labels", + rr.logger.Debug("different labels", "current", fmt.Sprintf("%v", cur.GetLabels()), "old", fmt.Sprintf("%v", old.GetLabels()), "object", fmt.Sprintf("%s/%s", cur.GetNamespace(), cur.GetName()), @@ -213,8 +219,7 @@ func (rr *ResourceReconciler) hasStateChanged(old, cur metav1.Object) bool { } if !reflect.DeepEqual(old.GetAnnotations(), cur.GetAnnotations()) { - level.Debug(rr.logger).Log( - "msg", "different annotations", + rr.logger.Debug("different annotations", "current", fmt.Sprintf("%v", cur.GetAnnotations()), "old", fmt.Sprintf("%v", old.GetAnnotations()), "object", fmt.Sprintf("%s/%s", cur.GetNamespace(), cur.GetName()), @@ -230,18 +235,54 @@ func (rr *ResourceReconciler) hasStateChanged(old, cur metav1.Object) bool { func (rr *ResourceReconciler) objectKey(obj interface{}) (string, bool) { k, err := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) if err != nil { - level.Error(rr.logger).Log("msg", "creating key failed", "err", err) + rr.logger.Error("creating key failed", "err", err) return "", false } return k, true } +func (rr *ResourceReconciler) resolve(obj metav1.Object) metav1.Object { + for _, or := range obj.GetOwnerReferences() { + if !ptr.Deref(or.Controller, false) { + continue + } + + if or.Kind != rr.resourceKind { + continue + } + + owner, err := rr.getter.Get(types.NamespacedName{Namespace: obj.GetNamespace(), Name: or.Name}.String()) + if err != nil { + if !apierrors.IsNotFound(err) { + rr.logger.Error("failed to resolve controller owner", "err", err, "namespace", obj.GetNamespace(), "name", obj.GetName(), "kind", rr.resourceKind) + } + + return nil + } + + owner = owner.DeepCopyObject() + o, err := meta.Accessor(owner) + if err != nil { + rr.logger.Error("failed to get owner meta", "err", err, "gvk", owner.GetObjectKind().GroupVersionKind().String(), "namespace", obj.GetNamespace(), "name", obj.GetName(), "kind", rr.resourceKind) + } + + return o + } + + rr.logger.Debug("no known controller owner", "namespace", obj.GetNamespace(), "name", obj.GetName()) + return nil +} + // OnAdd implements the cache.ResourceEventHandler interface. func (rr *ResourceReconciler) OnAdd(obj interface{}, _ bool) { - if _, ok := obj.(*appsv1.StatefulSet); ok { - rr.onStatefulSetAdd(obj.(*appsv1.StatefulSet)) + switch v := obj.(type) { + case *appsv1.DaemonSet: + rr.onDaemonSetAdd(v) + return + case *appsv1.StatefulSet: + rr.onStatefulSetAdd(v) return } @@ -259,7 +300,7 @@ func (rr *ResourceReconciler) OnAdd(obj interface{}, _ bool) { return } - level.Debug(rr.logger).Log("msg", fmt.Sprintf("%s added", rr.resourceKind), "key", key) + rr.logger.Debug(fmt.Sprintf("%s added", rr.resourceKind), "key", key) rr.metrics.TriggerByCounter(rr.resourceKind, AddEvent).Inc() rr.reconcileQ.Add(key) @@ -267,8 +308,12 @@ func (rr *ResourceReconciler) OnAdd(obj interface{}, _ bool) { // OnUpdate implements the cache.ResourceEventHandler interface. func (rr *ResourceReconciler) OnUpdate(old, cur interface{}) { - if _, ok := cur.(*appsv1.StatefulSet); ok { - rr.onStatefulSetUpdate(old.(*appsv1.StatefulSet), cur.(*appsv1.StatefulSet)) + switch v := cur.(type) { + case *appsv1.DaemonSet: + rr.onDaemonSetUpdate(old.(*appsv1.DaemonSet), v) + return + case *appsv1.StatefulSet: + rr.onStatefulSetUpdate(old.(*appsv1.StatefulSet), v) return } @@ -279,12 +324,12 @@ func (rr *ResourceReconciler) OnUpdate(old, cur interface{}) { mOld, err := meta.Accessor(old) if err != nil { - level.Error(rr.logger).Log("err", fmt.Sprintf("failed to get object meta: %s", err), "key", key) + rr.logger.Error("failed to get old object meta", "err", err, "key", key) } mCur, err := meta.Accessor(cur) if err != nil { - level.Error(rr.logger).Log("err", fmt.Sprintf("failed to get object meta: %s", err), "key", key) + rr.logger.Error("failed to get current object meta", "err", err, "key", key) } if !rr.isManagedByController(mCur) { @@ -299,7 +344,7 @@ func (rr *ResourceReconciler) OnUpdate(old, cur interface{}) { return } - level.Debug(rr.logger).Log("msg", fmt.Sprintf("%s updated", rr.resourceKind), "key", key) + rr.logger.Debug(fmt.Sprintf("%s updated", rr.resourceKind), "key", key) rr.metrics.TriggerByCounter(rr.resourceKind, UpdateEvent).Inc() rr.reconcileQ.Add(key) @@ -307,8 +352,12 @@ func (rr *ResourceReconciler) OnUpdate(old, cur interface{}) { // OnDelete implements the cache.ResourceEventHandler interface. func (rr *ResourceReconciler) OnDelete(obj interface{}) { - if _, ok := obj.(*appsv1.StatefulSet); ok { - rr.onStatefulSetDelete(obj.(*appsv1.StatefulSet)) + switch v := obj.(type) { + case *appsv1.DaemonSet: + rr.onDaemonSetDelete(v) + return + case *appsv1.StatefulSet: + rr.onStatefulSetDelete(v) return } @@ -326,26 +375,37 @@ func (rr *ResourceReconciler) OnDelete(obj interface{}) { return } - level.Debug(rr.logger).Log("msg", fmt.Sprintf("%s deleted", rr.resourceKind), "key", key) + rr.logger.Debug(fmt.Sprintf("%s deleted", rr.resourceKind), "key", key) rr.metrics.TriggerByCounter(rr.resourceKind, DeleteEvent).Inc() rr.reconcileQ.Add(key) } func (rr *ResourceReconciler) onStatefulSetAdd(ss *appsv1.StatefulSet) { - obj := rr.syncer.Resolve(ss) + obj := rr.resolve(ss) if obj == nil { return } - level.Debug(rr.logger).Log("msg", "StatefulSet added") + rr.logger.Debug("StatefulSet added") rr.metrics.TriggerByCounter("StatefulSet", AddEvent).Inc() rr.EnqueueForReconciliation(obj) } +func (rr *ResourceReconciler) onDaemonSetAdd(ds *appsv1.DaemonSet) { + obj := rr.resolve(ds) + if obj == nil { + return + } + + rr.logger.Debug("DaemonSet added") + + rr.EnqueueForReconciliation(obj) +} + func (rr *ResourceReconciler) onStatefulSetUpdate(old, cur *appsv1.StatefulSet) { - level.Debug(rr.logger).Log("msg", "update handler", "resource", "statefulset", "old", old.ResourceVersion, "cur", cur.ResourceVersion) + rr.logger.Debug("update handler", "resource", "statefulset", "old", old.ResourceVersion, "cur", cur.ResourceVersion) if rr.DeletionInProgress(cur) { return @@ -355,12 +415,12 @@ func (rr *ResourceReconciler) onStatefulSetUpdate(old, cur *appsv1.StatefulSet) return } - obj := rr.syncer.Resolve(cur) + obj := rr.resolve(cur) if obj == nil { return } - level.Debug(rr.logger).Log("msg", "StatefulSet updated") + rr.logger.Debug("StatefulSet updated") rr.metrics.TriggerByCounter("StatefulSet", UpdateEvent).Inc() if !rr.hasStateChanged(old, cur) { @@ -374,18 +434,58 @@ func (rr *ResourceReconciler) onStatefulSetUpdate(old, cur *appsv1.StatefulSet) rr.EnqueueForReconciliation(obj) } +func (rr *ResourceReconciler) onDaemonSetUpdate(old, cur *appsv1.DaemonSet) { + rr.logger.Debug("update handler", "resource", "daemonset", "old", old.ResourceVersion, "cur", cur.ResourceVersion) + + if rr.DeletionInProgress(cur) { + return + } + + if !rr.hasObjectChanged(old, cur) { + return + } + + obj := rr.resolve(cur) + if obj == nil { + return + } + + rr.logger.Debug("DaemonSet updated") + if !rr.hasStateChanged(old, cur) { + // If the daemonset state (spec, labels or annotations) hasn't + // changed, the operator can only update the status subresource instead + // of doing a full reconciliation. + // TODO: Uncomment this when Prometheus Agent DaemonSet's status has been supported. + // rr.EnqueueForStatus(obj) + return + } + + rr.EnqueueForReconciliation(obj) +} + func (rr *ResourceReconciler) onStatefulSetDelete(ss *appsv1.StatefulSet) { - obj := rr.syncer.Resolve(ss) + obj := rr.resolve(ss) if obj == nil { return } - level.Debug(rr.logger).Log("msg", "StatefulSet delete") + rr.logger.Debug("StatefulSet delete") rr.metrics.TriggerByCounter("StatefulSet", DeleteEvent).Inc() rr.EnqueueForReconciliation(obj) } +func (rr *ResourceReconciler) onDaemonSetDelete(ds *appsv1.DaemonSet) { + obj := rr.resolve(ds) + if obj == nil { + return + } + + rr.logger.Debug("DaemonSet delete") + + rr.EnqueueForReconciliation(obj) +} + // EnqueueForReconciliation asks for reconciling the object. func (rr *ResourceReconciler) EnqueueForReconciliation(obj metav1.Object) { if !rr.isManagedByController(obj) { @@ -435,12 +535,11 @@ func (rr *ResourceReconciler) Stop() { // the same key. // Before returning, the object's key is automatically added to the status queue. func (rr *ResourceReconciler) processNextReconcileItem(ctx context.Context) bool { - item, quit := rr.reconcileQ.Get() + key, quit := rr.reconcileQ.Get() if quit { return false } - key := item.(string) defer rr.reconcileQ.Done(key) defer rr.statusQ.Add(key) // enqueues the object's key to update the status subresource @@ -462,12 +561,11 @@ func (rr *ResourceReconciler) processNextReconcileItem(ctx context.Context) bool } func (rr *ResourceReconciler) processNextStatusItem(ctx context.Context) bool { - item, quit := rr.statusQ.Get() + key, quit := rr.statusQ.Get() if quit { return false } - key := item.(string) defer rr.statusQ.Done(key) rr.statusTotal.Inc() @@ -508,7 +606,7 @@ func (rr *ResourceReconciler) isManagedByController(obj metav1.Object) bool { } if controllerID != rr.controllerID { - level.Debug(rr.logger).Log("msg", "skipping object not managed by the controller", "object", fmt.Sprintf("%s/%s", obj.GetNamespace(), obj.GetName()), "object_id", controllerID, "controller_id", rr.controllerID) + rr.logger.Debug("skipping object not managed by the controller", "object", fmt.Sprintf("%s/%s", obj.GetNamespace(), obj.GetName()), "object_id", controllerID, "controller_id", rr.controllerID) return false } diff --git a/pkg/operator/rules.go b/pkg/operator/rules.go index 012d8a1136b..dff030e0373 100644 --- a/pkg/operator/rules.go +++ b/pkg/operator/rules.go @@ -17,11 +17,10 @@ package operator import ( "errors" "fmt" + "log/slog" "strings" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/prometheus/model/rulefmt" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -42,6 +41,12 @@ const ( ThanosFormat ) +// The maximum `Data` size of a ConfigMap seems to differ between +// environments. This is probably due to different meta data sizes which count +// into the overall maximum size of a ConfigMap. Thereby lets leave a +// large buffer. +var MaxConfigMapDataSize = int(float64(v1.MaxSecretSize) * 0.5) + type PrometheusRuleSelector struct { ruleFormat RuleConfigurationFormat version semver.Version @@ -51,10 +56,10 @@ type PrometheusRuleSelector struct { eventRecorder record.EventRecorder - logger log.Logger + logger *slog.Logger } -func NewPrometheusRuleSelector(ruleFormat RuleConfigurationFormat, version string, labelSelector *metav1.LabelSelector, nsLabeler *namespacelabeler.Labeler, ruleInformer *informers.ForResource, eventRecorder record.EventRecorder, logger log.Logger) (*PrometheusRuleSelector, error) { +func NewPrometheusRuleSelector(ruleFormat RuleConfigurationFormat, version string, labelSelector *metav1.LabelSelector, nsLabeler *namespacelabeler.Labeler, ruleInformer *informers.ForResource, eventRecorder record.EventRecorder, logger *slog.Logger) (*PrometheusRuleSelector, error) { componentVersion, err := semver.ParseTolerant(version) if err != nil { return nil, fmt.Errorf("failed to parse version: %w", err) @@ -77,7 +82,7 @@ func NewPrometheusRuleSelector(ruleFormat RuleConfigurationFormat, version strin } func (prs *PrometheusRuleSelector) generateRulesConfiguration(promRule *monitoringv1.PrometheusRule) (string, error) { - logger := log.With(prs.logger, "prometheusrule", promRule.Name, "prometheusrule-namespace", promRule.Namespace) + logger := prs.logger.With("prometheusrule", promRule.Name, "prometheusrule-namespace", promRule.Namespace) promRuleSpec := promRule.Spec promRuleSpec = prs.sanitizePrometheusRulesSpec(promRuleSpec, logger) @@ -90,9 +95,9 @@ func (prs *PrometheusRuleSelector) generateRulesConfiguration(promRule *monitori errs := ValidateRule(promRuleSpec) if len(errs) != 0 { const m = "Invalid rule" - level.Debug(logger).Log("msg", m, "content", content) + logger.Debug(m, "content", content) for _, err := range errs { - level.Info(logger).Log("msg", m, "err", err) + logger.Info(m, "err", err) } return "", errors.New(m) } @@ -101,21 +106,28 @@ func (prs *PrometheusRuleSelector) generateRulesConfiguration(promRule *monitori } // sanitizePrometheusRulesSpec sanitizes the PrometheusRules spec depending on the Prometheus/Thanos version. -func (prs *PrometheusRuleSelector) sanitizePrometheusRulesSpec(promRuleSpec monitoringv1.PrometheusRuleSpec, logger log.Logger) monitoringv1.PrometheusRuleSpec { +func (prs *PrometheusRuleSelector) sanitizePrometheusRulesSpec(promRuleSpec monitoringv1.PrometheusRuleSpec, logger *slog.Logger) monitoringv1.PrometheusRuleSpec { minVersionKeepFiringFor := semver.MustParse("2.42.0") minVersionLimits := semver.MustParse("2.31.0") + minVersionQueryOffset := semver.MustParse("2.53.0") component := "Prometheus" if prs.ruleFormat == ThanosFormat { minVersionKeepFiringFor = semver.MustParse("0.34.0") minVersionLimits = semver.MustParse("0.24.0") + minVersionQueryOffset = semver.MustParse("100.0.0") // Arbitrary very high major version because it's not yet supported by Thanos. component = "Thanos" } for i := range promRuleSpec.Groups { if promRuleSpec.Groups[i].Limit != nil && prs.version.LT(minVersionLimits) { promRuleSpec.Groups[i].Limit = nil - level.Warn(logger).Log("msg", fmt.Sprintf("ignoring `limit` not supported by %s", component), "minimum_version", minVersionLimits) + logger.Warn(fmt.Sprintf("ignoring `limit` not supported by %s", component), "minimum_version", minVersionLimits) + } + + if promRuleSpec.Groups[i].QueryOffset != nil && prs.version.LT(minVersionQueryOffset) { + promRuleSpec.Groups[i].QueryOffset = nil + logger.Warn(fmt.Sprintf("ignoring `query_offset` not supported by %s", component), "minimum_version", minVersionQueryOffset) } if prs.ruleFormat == PrometheusFormat { @@ -126,7 +138,7 @@ func (prs *PrometheusRuleSelector) sanitizePrometheusRulesSpec(promRuleSpec moni for j := range promRuleSpec.Groups[i].Rules { if promRuleSpec.Groups[i].Rules[j].KeepFiringFor != nil && prs.version.LT(minVersionKeepFiringFor) { promRuleSpec.Groups[i].Rules[j].KeepFiringFor = nil - level.Warn(logger).Log("msg", fmt.Sprintf("ignoring 'keep_firing_for' not supported by %s", component), "minimum_version", minVersionKeepFiringFor) + logger.Warn(fmt.Sprintf("ignoring 'keep_firing_for' not supported by %s", component), "minimum_version", minVersionKeepFiringFor) } } } @@ -158,6 +170,13 @@ func ValidateRule(promRuleSpec monitoringv1.PrometheusRuleSpec) []error { if err != nil { return []error{fmt.Errorf("failed to marshal content: %w", err)} } + + // Check if the serialized rules exceed our internal limit. + promRuleSize := len(content) + if promRuleSize > MaxConfigMapDataSize { + return []error{fmt.Errorf("the length of rendered Prometheus Rule is %d bytes which is above the maximum limit of %d bytes", promRuleSize, MaxConfigMapDataSize)} + } + _, errs := rulefmt.Parse(content) return errs } @@ -171,7 +190,7 @@ func (prs *PrometheusRuleSelector) Select(namespaces []string) (map[string]strin err := prs.ruleInformer.ListAllByNamespace(ns, prs.ruleSelector, func(obj interface{}) { promRule := obj.(*monitoringv1.PrometheusRule).DeepCopy() if err := k8sutil.AddTypeInformationToObject(promRule); err != nil { - level.Error(prs.logger).Log("msg", "failed to set rule type information", "namespace", ns, "err", err) + prs.logger.Error("failed to set rule type information", "namespace", ns, "err", err) return } @@ -195,8 +214,8 @@ func (prs *PrometheusRuleSelector) Select(namespaces []string) (map[string]strin content, err = prs.generateRulesConfiguration(promRule) if err != nil { rejected++ - level.Warn(prs.logger).Log( - "msg", "skipping prometheusrule", + prs.logger.Warn( + "skipping prometheusrule", "error", err.Error(), "prometheusrule", promRule.Name, "namespace", promRule.Namespace, @@ -213,8 +232,8 @@ func (prs *PrometheusRuleSelector) Select(namespaces []string) (map[string]strin ruleNames = append(ruleNames, name) } - level.Debug(prs.logger).Log( - "msg", "selected Rules", + prs.logger.Debug( + "selected Rules", "rules", strings.Join(ruleNames, ","), ) diff --git a/pkg/operator/rules_test.go b/pkg/operator/rules_test.go index d91627d3953..1f841d6033b 100644 --- a/pkg/operator/rules_test.go +++ b/pkg/operator/rules_test.go @@ -15,11 +15,12 @@ package operator import ( + "log/slog" "os" + "strings" "testing" "github.com/blang/semver/v4" - "github.com/go-kit/log" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/util/intstr" @@ -35,19 +36,23 @@ func TestMakeRulesConfigMaps(t *testing.T) { t.Run("shouldResetRuleWithPartialResponseStrategySet", shouldResetRuleWithPartialResponseStrategySet) t.Run("shouldAcceptRuleWithLimitPrometheus", shouldAcceptRuleWithLimitPrometheus) t.Run("shouldAcceptRuleWithLimitThanos", shouldAcceptRuleWithLimitThanos) + t.Run("shouldAcceptRuleWithQueryOffsetPrometheus", shouldAcceptRuleWithQueryOffsetPrometheus) t.Run("shouldDropLimitFieldForUnsupportedPrometheusVersion", shouldDropLimitFieldForUnsupportedPrometheusVersion) t.Run("shouldDropLimitFieldForUnsupportedThanosVersion", shouldDropLimitFieldForUnsupportedThanosVersion) + t.Run("shouldDropQueryOffsetFieldForUnsupportedPrometheusVersion", shouldDropQueryOffsetFieldForUnsupportedPrometheusVersion) t.Run("shouldAcceptRuleWithKeepFiringForPrometheus", shouldAcceptRuleWithKeepFiringForPrometheus) t.Run("shouldDropRuleFiringForThanos", shouldDropRuleFiringForThanos) t.Run("shouldAcceptRuleFiringForThanos", shouldAcceptRuleFiringForThanos) t.Run("shouldDropKeepFiringForFieldForUnsupportedPrometheusVersion", shouldDropKeepFiringForFieldForUnsupportedPrometheusVersion) + t.Run("shouldErrorOnTooLargePrometheusRule", shouldErrorOnTooLargePrometheusRule) } func newRuleSelectorForConfigGeneration(ruleFormat RuleConfigurationFormat, version semver.Version) PrometheusRuleSelector { + logger := slog.New(slog.NewTextHandler(os.Stdout, nil)) return PrometheusRuleSelector{ ruleFormat: ruleFormat, version: version, - logger: log.NewLogfmtLogger(log.NewSyncWriter(os.Stdout)), + logger: logger, } } @@ -329,6 +334,33 @@ func shouldAcceptRuleWithLimitThanos(t *testing.T) { require.Contains(t, content, "limit", "expected `limit` to be present in PrometheusRule") } +func shouldAcceptRuleWithQueryOffsetPrometheus(t *testing.T) { + var queryOffset monitoringv1.Duration = "30s" + rules := &monitoringv1.PrometheusRule{ + Spec: monitoringv1.PrometheusRuleSpec{Groups: []monitoringv1.RuleGroup{ + { + Name: "group", + Rules: []monitoringv1.Rule{ + { + Alert: "alert", + Expr: intstr.FromString("vector(1)"), + }, + }, + QueryOffset: &queryOffset, + }, + }}, + } + + promVersion, err := semver.ParseTolerant(DefaultPrometheusVersion) + require.NoError(t, err) + + pr := newRuleSelectorForConfigGeneration(PrometheusFormat, promVersion) + content, err := pr.generateRulesConfiguration(rules) + require.NoError(t, err) + + require.Contains(t, content, "query_offset", "expected `query_offset` to be present in PrometheusRule") +} + func shouldDropLimitFieldForUnsupportedPrometheusVersion(t *testing.T) { limit := 50 rules := &monitoringv1.PrometheusRule{ @@ -374,3 +406,52 @@ func shouldDropLimitFieldForUnsupportedThanosVersion(t *testing.T) { content, _ := pr.generateRulesConfiguration(rules) require.NotContains(t, content, "limit", "expected `limit` not to be present in PrometheusRule") } + +func shouldDropQueryOffsetFieldForUnsupportedPrometheusVersion(t *testing.T) { + var queryOffset monitoringv1.Duration = "30s" + rules := &monitoringv1.PrometheusRule{ + Spec: monitoringv1.PrometheusRuleSpec{Groups: []monitoringv1.RuleGroup{ + { + Name: "group", + Rules: []monitoringv1.Rule{ + { + Alert: "alert", + Expr: intstr.FromString("vector(1)"), + }, + }, + QueryOffset: &queryOffset, + }, + }}, + } + + promVersion, err := semver.ParseTolerant("v2.52.0") + require.NoError(t, err) + + pr := newRuleSelectorForConfigGeneration(PrometheusFormat, promVersion) + content, err := pr.generateRulesConfiguration(rules) + require.NoError(t, err) + + require.NotContains(t, content, "query_offset", "expected `query_offset` not to be present in PrometheusRule") +} + +func shouldErrorOnTooLargePrometheusRule(t *testing.T) { + ruleLbel := map[string]string{} + ruleLbel["label"] = strings.Repeat("a", MaxConfigMapDataSize+1) + + err := ValidateRule(monitoringv1.PrometheusRuleSpec{ + Groups: []monitoringv1.RuleGroup{ + { + Name: "group", + Rules: []monitoringv1.Rule{ + { + Record: "record", + Expr: intstr.FromString("vector(1)"), + Alert: "alert", + Labels: ruleLbel, + }, + }, + }, + }, + }) + require.NotEmpty(t, err, "expected ValidateRule to return error of size limit") +} diff --git a/pkg/operator/sharded_secret.go b/pkg/operator/sharded_secret.go index 5dcab3f3735..a07264aa8b6 100644 --- a/pkg/operator/sharded_secret.go +++ b/pkg/operator/sharded_secret.go @@ -17,7 +17,6 @@ package operator import ( "context" "fmt" - "sort" v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -25,6 +24,7 @@ import ( "k8s.io/client-go/kubernetes" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "github.com/prometheus-operator/prometheus-operator/internal/util" "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" ) @@ -59,18 +59,11 @@ func (s *ShardedSecret) updateSecrets(ctx context.Context, sClient corev1.Secret func (s *ShardedSecret) shard() []*v1.Secret { s.secretShards = []*v1.Secret{} - // Ensure that we always iterate over the keys in the same order. - keys := make([]string, 0, len(s.data)) - for k := range s.data { - keys = append(keys, k) - } - sort.Strings(keys) - currentIndex := 0 secretSize := 0 currentSecret := s.newSecretAt(currentIndex) - for _, key := range keys { + for _, key := range util.SortedKeys(s.data) { v := s.data[key] vSize := len(key) + len(v) if secretSize+vSize > MaxSecretDataSizeBytes { diff --git a/pkg/prometheus/agent/daemonset.go b/pkg/prometheus/agent/daemonset.go new file mode 100644 index 00000000000..d8e7f06a723 --- /dev/null +++ b/pkg/prometheus/agent/daemonset.go @@ -0,0 +1,238 @@ +// Copyright 2023 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package prometheusagent + +import ( + "fmt" + + appsv1 "k8s.io/api/apps/v1" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" + + monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" + "github.com/prometheus-operator/prometheus-operator/pkg/operator" + prompkg "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" +) + +func makeDaemonSet( + p *monitoringv1alpha1.PrometheusAgent, + config prompkg.Config, + cg *prompkg.ConfigGenerator, + tlsSecrets *operator.ShardedSecret, +) (*appsv1.DaemonSet, error) { + cpf := p.GetCommonPrometheusFields() + objMeta := p.GetObjectMeta() + + if cpf.PortName == "" { + cpf.PortName = prompkg.DefaultPortName + } + + // We need to re-set the common fields because cpf is only a copy of the original object. + // We set some defaults if some fields are not present, and we want those fields set in the original Prometheus object before building the DaemonSetSpec. + p.SetCommonPrometheusFields(cpf) + + spec, err := makeDaemonSetSpec(p, config, cg, tlsSecrets) + if err != nil { + return nil, fmt.Errorf("make DaemonSet spec: %w", err) + } + daemonSet := &appsv1.DaemonSet{Spec: *spec} + + operator.UpdateObject( + daemonSet, + operator.WithName(prompkg.PrefixedName(p)), + operator.WithAnnotations(objMeta.GetAnnotations()), + operator.WithAnnotations(config.Annotations), + operator.WithLabels(objMeta.GetLabels()), + operator.WithLabels(map[string]string{ + prompkg.PrometheusNameLabelName: objMeta.GetName(), + prompkg.PrometheusModeLabeLName: prometheusMode, + }), + operator.WithLabels(config.Labels), + operator.WithManagingOwner(p), + operator.WithoutKubectlAnnotations(), + ) + + if len(cpf.ImagePullSecrets) > 0 { + daemonSet.Spec.Template.Spec.ImagePullSecrets = cpf.ImagePullSecrets + } + + return daemonSet, nil +} + +func makeDaemonSetSpec( + p *monitoringv1alpha1.PrometheusAgent, + c prompkg.Config, + cg *prompkg.ConfigGenerator, + tlsSecrets *operator.ShardedSecret, +) (*appsv1.DaemonSetSpec, error) { + cpf := p.GetCommonPrometheusFields() + + pImagePath, err := operator.BuildImagePathForAgent( + ptr.Deref(cpf.Image, ""), + c.PrometheusDefaultBaseImage, + "v"+cg.Version().String(), + ) + if err != nil { + return nil, err + } + + promArgs := buildAgentArgs(cg, cpf.WALCompression) + + volumes, promVolumeMounts, err := prompkg.BuildCommonVolumes(p, tlsSecrets, false) + if err != nil { + return nil, err + } + + configReloaderVolumeMounts := prompkg.CreateConfigReloaderVolumeMounts() + + var configReloaderWebConfigFile string + + confArg, configVol, configMount, err := prompkg.BuildWebconfig(cpf, p) + if err != nil { + return nil, err + } + + promArgs = append(promArgs, confArg) + volumes = append(volumes, configVol...) + promVolumeMounts = append(promVolumeMounts, configMount...) + + configReloaderWebConfigFile = confArg.Value + configReloaderVolumeMounts = append(configReloaderVolumeMounts, configMount...) + + startupProbe, readinessProbe, livenessProbe := cg.BuildProbes() + + podAnnotations, podLabels := cg.BuildPodMetadata() + // In cases where an existing selector label is modified, or a new one is added, new daemonset cannot match existing pods. + // We should try to avoid removing such immutable fields whenever possible since doing + // so forces us to enter the 'recreate cycle' and can potentially lead to downtime. + // The requirement to make a change here should be carefully evaluated. + podSelectorLabels := makeSelectorLabels(p.GetObjectMeta().GetName()) + + for k, v := range podSelectorLabels { + podLabels[k] = v + } + + finalSelectorLabels := c.Labels.Merge(podSelectorLabels) + finalLabels := c.Labels.Merge(podLabels) + + var additionalContainers, operatorInitContainers []v1.Container + + var watchedDirectories []string + + var minReadySeconds int32 + if cpf.MinReadySeconds != nil { + minReadySeconds = int32(*cpf.MinReadySeconds) + } + + operatorInitContainers = append(operatorInitContainers, + prompkg.BuildConfigReloader( + p, + c, + true, + configReloaderVolumeMounts, + watchedDirectories, + operator.WithDaemonSetMode(), + ), + ) + + initContainers, err := k8sutil.MergePatchContainers(operatorInitContainers, cpf.InitContainers) + if err != nil { + return nil, fmt.Errorf("failed to merge init containers spec: %w", err) + } + + containerArgs, err := operator.BuildArgs(promArgs, cpf.AdditionalArgs) + if err != nil { + return nil, err + } + + operatorContainers := append([]v1.Container{ + { + Name: "prometheus", + Image: pImagePath, + ImagePullPolicy: cpf.ImagePullPolicy, + Ports: prompkg.MakeContainerPorts(cpf), + Args: containerArgs, + VolumeMounts: promVolumeMounts, + StartupProbe: startupProbe, + LivenessProbe: livenessProbe, + ReadinessProbe: readinessProbe, + Resources: cpf.Resources, + TerminationMessagePolicy: v1.TerminationMessageFallbackToLogsOnError, + SecurityContext: &v1.SecurityContext{ + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), + Capabilities: &v1.Capabilities{ + Drop: []v1.Capability{"ALL"}, + }, + }, + }, + prompkg.BuildConfigReloader( + p, + c, + false, + configReloaderVolumeMounts, + watchedDirectories, + operator.WebConfigFile(configReloaderWebConfigFile), + operator.WithDaemonSetMode(), + ), + }, additionalContainers...) + + containers, err := k8sutil.MergePatchContainers(operatorContainers, cpf.Containers) + if err != nil { + return nil, fmt.Errorf("failed to merge containers spec: %w", err) + } + + spec := appsv1.DaemonSetSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: finalSelectorLabels, + }, + MinReadySeconds: minReadySeconds, + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: finalLabels, + Annotations: podAnnotations, + }, + Spec: v1.PodSpec{ + ShareProcessNamespace: prompkg.ShareProcessNamespace(p), + Containers: containers, + InitContainers: initContainers, + SecurityContext: cpf.SecurityContext, + ServiceAccountName: cpf.ServiceAccountName, + AutomountServiceAccountToken: ptr.To(ptr.Deref(cpf.AutomountServiceAccountToken, true)), + NodeSelector: cpf.NodeSelector, + PriorityClassName: cpf.PriorityClassName, + // Prometheus may take quite long to shut down to checkpoint existing data. + // Allow up to 10 minutes for clean termination. + TerminationGracePeriodSeconds: ptr.To(int64(600)), + Volumes: volumes, + Tolerations: cpf.Tolerations, + Affinity: cpf.Affinity, + TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), + HostAliases: operator.MakeHostAliases(cpf.HostAliases), + HostNetwork: cpf.HostNetwork, + }, + }, + } + + if cpf.HostNetwork { + spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet + } + k8sutil.UpdateDNSPolicy(&spec.Template.Spec, cpf.DNSPolicy) + k8sutil.UpdateDNSConfig(&spec.Template.Spec, cpf.DNSConfig) + + return &spec, nil +} diff --git a/pkg/prometheus/agent/daemonset_test.go b/pkg/prometheus/agent/daemonset_test.go new file mode 100644 index 00000000000..e6d42673887 --- /dev/null +++ b/pkg/prometheus/agent/daemonset_test.go @@ -0,0 +1,182 @@ +// Copyright 2023 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package prometheusagent + +import ( + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + "github.com/prometheus-operator/prometheus-operator/pkg/operator" + prompkg "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" +) + +func TestListenTLSForDaemonSet(t *testing.T) { + dset, err := makeDaemonSetFromPrometheus(monitoringv1alpha1.PrometheusAgent{ + Spec: makeSpecForTestListenTLS(), + }) + require.NoError(t, err) + + actualStartupProbe := dset.Spec.Template.Spec.Containers[0].StartupProbe + expectedStartupProbe := prompkg.MakeExpectedStartupProbe() + require.Equal(t, expectedStartupProbe, actualStartupProbe) + + actualLivenessProbe := dset.Spec.Template.Spec.Containers[0].LivenessProbe + expectedLivenessProbe := prompkg.MakeExpectedLivenessProbe() + require.Equal(t, expectedLivenessProbe, actualLivenessProbe) + + actualReadinessProbe := dset.Spec.Template.Spec.Containers[0].ReadinessProbe + expectedReadinessProbe := prompkg.MakeExpectedReadinessProbe() + require.Equal(t, expectedReadinessProbe, actualReadinessProbe) + + testCorrectArgs(t, dset.Spec.Template.Spec.Containers[1].Args, dset.Spec.Template.Spec.Containers) +} + +func TestPrometheusAgentCommandLineFlagForDaemonSet(t *testing.T) { + tests := []struct { + version string + expectedArg string + shouldContain bool + }{ + {"v3.0.0", "--agent", true}, + {"v3.0.0-beta.0", "--agent", true}, + {"v2.53.0", "--agent", false}, + } + + for _, test := range tests { + sset, err := makeStatefulSetFromPrometheus(monitoringv1alpha1.PrometheusAgent{ + Spec: monitoringv1alpha1.PrometheusAgentSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: test.version, + }, + }, + }) + require.NoError(t, err) + + promArgs := sset.Spec.Template.Spec.Containers[0].Args + found := false + for _, flag := range promArgs { + if flag == test.expectedArg { + found = true + break + } + } + require.Equal(t, test.shouldContain, found) + } +} + +func TestStartupProbeTimeoutSecondsForDaemonSet(t *testing.T) { + testcases := createTestCasesForTestStartupProbeTimeoutSeconds() + + for _, test := range testcases { + dset, err := makeDaemonSetFromPrometheus( + makePrometheusAgentForTestStartupProbeTimeoutSeconds(test.maximumStartupDurationSeconds)) + + require.NoError(t, err) + require.NotNil(t, dset.Spec.Template.Spec.Containers[0].StartupProbe) + require.Equal(t, test.expectedStartupPeriodSeconds, dset.Spec.Template.Spec.Containers[0].StartupProbe.PeriodSeconds) + require.Equal(t, test.expectedStartupFailureThreshold, dset.Spec.Template.Spec.Containers[0].StartupProbe.FailureThreshold) + } +} + +func makeDaemonSetFromPrometheus(p monitoringv1alpha1.PrometheusAgent) (*appsv1.DaemonSet, error) { + logger := prompkg.NewLogger() + cg, err := prompkg.NewConfigGenerator(logger, &p) + if err != nil { + return nil, err + } + + return makeDaemonSet( + &p, + defaultTestConfig, + cg, + &operator.ShardedSecret{}) +} + +func TestPodTopologySpreadConstraintWithAdditionalLabelsForDaemonSet(t *testing.T) { + testcases := createTestCasesForTestPodTopologySpreadConstraintWithAdditionalLabels() + + for _, tc := range testcases { + t.Run(tc.name, func(t *testing.T) { + dms, err := makeDaemonSetFromPrometheus(makePrometheusAgentForTestPodTopologySpreadConstraintWithAdditionalLabels(tc.spec)) + + require.NoError(t, err) + + assert.NotEmpty(t, dms.Spec.Template.Spec.TopologySpreadConstraints) + assert.Equal(t, tc.tsc, dms.Spec.Template.Spec.TopologySpreadConstraints[0]) + }) + } +} + +func TestAutomountServiceAccountTokenForDaemonSet(t *testing.T) { + testcases := createTestCasesForTestAutomountServiceAccountToken() + + for _, tc := range testcases { + t.Run(tc.name, func(t *testing.T) { + dset, err := makeDaemonSetFromPrometheus(makePrometheusAgentForTestAutomountServiceAccountToken(tc.automountServiceAccountToken)) + require.NoError(t, err) + require.NotNil(t, dset.Spec.Template.Spec.AutomountServiceAccountToken) + require.Equal(t, tc.expectedValue, *dset.Spec.Template.Spec.AutomountServiceAccountToken) + }) + } +} + +func TestDaemonSetLabelingAndAnnotations(t *testing.T) { + labels := map[string]string{ + "testlabel": "testlabelvalue", + } + annotations := map[string]string{ + "testannotation": "testannotationvalue", + "kubectl.kubernetes.io/last-applied-configuration": "something", + "kubectl.kubernetes.io/something": "something", + } + // kubectl annotations must not be on the daemonset so kubectl does + // not manage the generated object + expectedDaemonSetAnnotations := map[string]string{ + "testannotation": "testannotationvalue", + } + + expectedDaemonSetLabels := map[string]string{ + "testlabel": "testlabelvalue", + "operator.prometheus.io/name": "", + "operator.prometheus.io/mode": "agent", + "managed-by": "prometheus-operator", + } + + expectedPodLabels := map[string]string{ + "app.kubernetes.io/name": "prometheus-agent", + "app.kubernetes.io/version": strings.TrimPrefix(operator.DefaultPrometheusVersion, "v"), + "app.kubernetes.io/managed-by": "prometheus-operator", + "app.kubernetes.io/instance": "", + "operator.prometheus.io/name": "", + } + + dset, err := makeDaemonSetFromPrometheus(monitoringv1alpha1.PrometheusAgent{ + ObjectMeta: metav1.ObjectMeta{ + Labels: labels, + Annotations: annotations, + }, + }) + require.NoError(t, err) + require.Equal(t, expectedDaemonSetLabels, dset.Labels) + require.Equal(t, expectedDaemonSetAnnotations, dset.Annotations) + require.Equal(t, expectedPodLabels, dset.Spec.Template.ObjectMeta.Labels) +} diff --git a/pkg/prometheus/agent/operator.go b/pkg/prometheus/agent/operator.go index 543a79fc366..1af485075be 100644 --- a/pkg/prometheus/agent/operator.go +++ b/pkg/prometheus/agent/operator.go @@ -17,12 +17,10 @@ package prometheusagent import ( "context" "fmt" - "regexp" + "log/slog" "strings" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/mitchellh/hashstructure" "github.com/prometheus/client_golang/prometheus" appsv1 "k8s.io/api/apps/v1" @@ -31,7 +29,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes" "k8s.io/client-go/metadata" "k8s.io/client-go/rest" @@ -56,9 +53,6 @@ const ( controllerName = "prometheusagent-controller" ) -var prometheusAgentKeyInShardStatefulSet = regexp.MustCompile("^(.+)/prom-agent-(.+)-shard-[1-9][0-9]*$") -var prometheusAgentKeyInStatefulSet = regexp.MustCompile("^(.+)/prom-agent-(.+)$") - // Operator manages life cycle of Prometheus agent deployments and // monitoring configurations. type Operator struct { @@ -66,7 +60,8 @@ type Operator struct { mdClient metadata.Interface mclient monitoringclient.Interface - logger log.Logger + logger *slog.Logger + accessor *operator.Accessor controllerID string @@ -82,25 +77,53 @@ type Operator struct { cmapInfs *informers.ForResource secrInfs *informers.ForResource ssetInfs *informers.ForResource + dsetInfs *informers.ForResource rr *operator.ResourceReconciler metrics *operator.Metrics reconciliations *operator.ReconciliationTracker - config prompkg.Config - endpointSliceSupported bool + config prompkg.Config + + endpointSliceSupported bool // Whether the Kubernetes API suports the EndpointSlice kind. scrapeConfigSupported bool canReadStorageClass bool eventRecorder record.EventRecorder statusReporter prompkg.StatusReporter + + daemonSetFeatureGateEnabled bool +} + +type ControllerOption func(*Operator) + +// WithEndpointSlice tells that the Kubernetes API supports the Endpointslice resource. +func WithEndpointSlice() ControllerOption { + return func(o *Operator) { + o.endpointSliceSupported = true + } +} + +// WithScrapeConfig tells that the controller manages ScrapeConfig objects. +func WithScrapeConfig() ControllerOption { + return func(o *Operator) { + o.scrapeConfigSupported = true + } +} + +// WithStorageClassValidation tells that the controller should verify that the +// Prometheus spec references a valid StorageClass name. +func WithStorageClassValidation() ControllerOption { + return func(o *Operator) { + o.canReadStorageClass = true + } } // New creates a new controller. -func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger log.Logger, r prometheus.Registerer, scrapeConfigSupported, canReadStorageClass bool, erf operator.EventRecorderFactory) (*Operator, error) { - logger = log.With(logger, "component", controllerName) +func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger *slog.Logger, r prometheus.Registerer, options ...ControllerOption) (*Operator, error) { + logger = logger.With("component", controllerName) client, err := kubernetes.NewForConfig(restConfig) if err != nil { @@ -133,25 +156,17 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger Annotations: c.Annotations, Labels: c.Labels, }, - metrics: operator.NewMetrics(r), - reconciliations: &operator.ReconciliationTracker{}, - controllerID: c.ControllerID, - scrapeConfigSupported: scrapeConfigSupported, - canReadStorageClass: canReadStorageClass, - eventRecorder: erf(client, controllerName), + metrics: operator.NewMetrics(r), + reconciliations: &operator.ReconciliationTracker{}, + controllerID: c.ControllerID, + eventRecorder: c.EventRecorderFactory(client, controllerName), } o.metrics.MustRegister( o.reconciliations, ) - - o.rr = operator.NewResourceReconciler( - o.logger, - o, - o.metrics, - monitoringv1alpha1.PrometheusAgentsKind, - r, - o.controllerID, - ) + for _, opt := range options { + opt(o) + } o.promInfs, err = informers.NewInformersForResource( informers.NewMonitoringInformerFactories( @@ -173,9 +188,18 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger for _, informer := range o.promInfs.GetInformers() { promStores = append(promStores, informer.Informer().GetStore()) } - o.metrics.MustRegister(prompkg.NewCollectorForStores(promStores...)) + o.rr = operator.NewResourceReconciler( + o.logger, + o, + o.promInfs, + o.metrics, + monitoringv1alpha1.PrometheusAgentsKind, + r, + o.controllerID, + ) + o.smonInfs, err = informers.NewInformersForResource( informers.NewMonitoringInformerFactories( c.Namespaces.AllowList, @@ -258,7 +282,8 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger o.mdClient, resyncPeriod, func(options *metav1.ListOptions) { - options.FieldSelector = c.SecretListWatchSelector.String() + options.FieldSelector = c.SecretListWatchFieldSelector.String() + options.LabelSelector = c.SecretListWatchLabelSelector.String() }, ), v1.SchemeGroupVersion.WithResource(string(v1.ResourceSecrets)), @@ -282,6 +307,24 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger return nil, fmt.Errorf("error creating statefulset informers: %w", err) } + if c.Gates.Enabled(operator.PrometheusAgentDaemonSetFeature) { + o.daemonSetFeatureGateEnabled = true + + o.dsetInfs, err = informers.NewInformersForResource( + informers.NewKubeInformerFactories( + c.Namespaces.PrometheusAllowList, + c.Namespaces.DenyList, + o.kclient, + resyncPeriod, + nil, + ), + appsv1.SchemeGroupVersion.WithResource("daemonsets"), + ) + if err != nil { + return nil, fmt.Errorf("error creating daemonset informers: %w", err) + } + } + newNamespaceInformer := func(o *Operator, allowList map[string]struct{}) (cache.SharedIndexInformer, error) { lw, privileged, err := listwatch.NewNamespaceListWatchFromClient( ctx, @@ -296,7 +339,7 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger return nil, err } - level.Debug(o.logger).Log("msg", "creating namespace informer", "privileged", privileged) + logger.Debug("creating namespace informer", "privileged", privileged) return cache.NewSharedIndexInformer( o.metrics.NewInstrumentedListerWatcher(lw), &v1.Namespace{}, resyncPeriod, cache.Indexers{}, @@ -317,16 +360,6 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger } } - endpointSliceSupported, err := k8sutil.IsAPIGroupVersionResourceSupported(o.kclient.Discovery(), schema.GroupVersion{Group: "discovery.k8s.io", Version: "v1"}, "endpointslices") - if err != nil { - level.Warn(o.logger).Log("msg", "failed to check if the API supports the endpointslice resources", "err ", err) - } - level.Info(o.logger).Log("msg", "Kubernetes API capabilities", "endpointslices", endpointSliceSupported) - // The operator doesn't yet support the endpointslices API. - // See https://github.com/prometheus-operator/prometheus-operator/issues/3862 - // for details. - o.endpointSliceSupported = false - o.statusReporter = prompkg.StatusReporter{ Kclient: o.kclient, Reconciliations: o.reconciliations, @@ -352,6 +385,9 @@ func (c *Operator) Run(ctx context.Context) error { go c.cmapInfs.Start(ctx.Done()) go c.secrInfs.Start(ctx.Done()) go c.ssetInfs.Start(ctx.Done()) + if c.dsetInfs != nil { + go c.dsetInfs.Start(ctx.Done()) + } go c.nsMonInf.Run(ctx.Done()) if c.nsPromInf != c.nsMonInf { go c.nsPromInf.Run(ctx.Done()) @@ -381,7 +417,7 @@ func (c *Operator) Iterate(processFn func(metav1.Object, []monitoringv1.Conditio p := o.(*monitoringv1alpha1.PrometheusAgent) processFn(p, p.Status.Conditions) }); err != nil { - level.Error(c.logger).Log("msg", "failed to list PrometheusAgent objects", "err", err) + c.logger.Error("failed to list PrometheusAgent objects", "err", err) } } @@ -404,6 +440,7 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { {"ConfigMap", c.cmapInfs}, {"Secret", c.secrInfs}, {"StatefulSet", c.ssetInfs}, + {"DaemonSet", c.dsetInfs}, } { // Skipping informers that were not started. If prerequisites for a CRD were not met, their informer will be // nil. ScrapeConfig is one example. @@ -412,7 +449,7 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { } for _, inf := range infs.informersForResource.GetInformers() { - if !operator.WaitForNamedCacheSync(ctx, "prometheusagent", log.With(c.logger, "informer", infs.name), inf.Informer()) { + if !operator.WaitForNamedCacheSync(ctx, "prometheusagent", c.logger.With("informer", infs.name), inf.Informer()) { return fmt.Errorf("failed to sync cache for %s informer", infs.name) } } @@ -425,12 +462,12 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { {"PromNamespace", c.nsPromInf}, {"MonNamespace", c.nsMonInf}, } { - if !operator.WaitForNamedCacheSync(ctx, "prometheusagent", log.With(c.logger, "informer", inf.name), inf.informer) { + if !operator.WaitForNamedCacheSync(ctx, "prometheusagent", c.logger.With("informer", inf.name), inf.informer) { return fmt.Errorf("failed to sync cache for %s informer", inf.name) } } - level.Info(c.logger).Log("msg", "successfully synced all caches") + c.logger.Info("successfully synced all caches") return nil } @@ -440,6 +477,10 @@ func (c *Operator) addHandlers() { c.ssetInfs.AddEventHandler(c.rr) + if c.dsetInfs != nil { + c.dsetInfs.AddEventHandler(c.rr) + } + c.smonInfs.AddEventHandler(operator.NewEventHandler( c.logger, c.accessor, @@ -500,75 +541,139 @@ func (c *Operator) addHandlers() { }) } -// Resolve implements the operator.Syncer interface. -func (c *Operator) Resolve(ss *appsv1.StatefulSet) metav1.Object { - key, ok := c.accessor.MetaNamespaceKey(ss) - if !ok { +// Sync implements the operator.Syncer interface. +// TODO: Consider refactoring the common code between syncDaemonSet() and syncStatefulSet(). +func (c *Operator) Sync(ctx context.Context, key string) error { + pobj, err := c.promInfs.Get(key) + + if apierrors.IsNotFound(err) { + c.reconciliations.ForgetObject(key) + // Dependent resources are cleaned up by K8s via OwnerReferences return nil } + if err != nil { + return err + } + + p := pobj.(*monitoringv1alpha1.PrometheusAgent) + p = p.DeepCopy() + if ptr.Deref(p.Spec.Mode, "StatefulSet") == "DaemonSet" { + err = c.syncDaemonSet(ctx, key, p) + } else { + err = c.syncStatefulSet(ctx, key, p) + } + c.reconciliations.SetStatus(key, err) + return err +} + +func (c *Operator) syncDaemonSet(ctx context.Context, key string, p *monitoringv1alpha1.PrometheusAgent) error { + if !c.daemonSetFeatureGateEnabled { + return fmt.Errorf("feature gate for Prometheus Agent's DaemonSet mode is not enabled") + } - match, promKey := statefulSetKeyToPrometheusAgentKey(key) - if !match { - level.Debug(c.logger).Log("msg", "StatefulSet key did not match a Prometheus Agent key format", "key", key) + if err := k8sutil.AddTypeInformationToObject(p); err != nil { + return fmt.Errorf("failed to set Prometheus type information: %w", err) + } + + logger := c.logger.With("key", key) + + // Check if the Agent instance is marked for deletion. + if c.rr.DeletionInProgress(p) { return nil } - p, err := c.promInfs.Get(promKey) - if apierrors.IsNotFound(err) { + if p.Spec.Paused { + logger.Info("the resource is paused, not reconciling") return nil } + logger.Info("sync prometheus") + + opts := []prompkg.ConfigGeneratorOption{prompkg.WithDaemonSet()} + if c.endpointSliceSupported { + opts = append(opts, prompkg.WithEndpointSliceSupport()) + } + cg, err := prompkg.NewConfigGenerator(c.logger, p, opts...) if err != nil { - level.Error(c.logger).Log("msg", "Prometheus lookup failed", "err", err) - return nil + return err } - return p.(*monitoringv1alpha1.PrometheusAgent) -} + assetStore := assets.NewStoreBuilder(c.kclient.CoreV1(), c.kclient.CoreV1()) + if err := c.createOrUpdateConfigurationSecret(ctx, p, cg, assetStore); err != nil { + return fmt.Errorf("creating config failed: %w", err) + } -func statefulSetKeyToPrometheusAgentKey(key string) (bool, string) { - r := prometheusAgentKeyInStatefulSet - if prometheusAgentKeyInShardStatefulSet.MatchString(key) { - r = prometheusAgentKeyInShardStatefulSet + tlsAssets, err := operator.ReconcileShardedSecret(ctx, assetStore.TLSAssets(), c.kclient, prompkg.NewTLSAssetSecret(p, c.config)) + if err != nil { + return fmt.Errorf("failed to reconcile the TLS secrets: %w", err) } - matches := r.FindAllStringSubmatch(key, 2) - if len(matches) != 1 { - return false, "" + if err := c.createOrUpdateWebConfigSecret(ctx, p); err != nil { + return fmt.Errorf("synchronizing web config secret failed: %w", err) } - if len(matches[0]) != 3 { - return false, "" + + dsetClient := c.kclient.AppsV1().DaemonSets(p.Namespace) + + logger.Debug("reconciling daemonset") + + _, err = c.dsetInfs.Get(keyToDaemonSetKey(p, key)) + exists := !apierrors.IsNotFound(err) + if err != nil && !apierrors.IsNotFound(err) { + return fmt.Errorf("retrieving daemonset failed: %w", err) } - return true, matches[0][1] + "/" + matches[0][2] -} -// Sync implements the operator.Syncer interface. -func (c *Operator) Sync(ctx context.Context, key string) error { - err := c.sync(ctx, key) - c.reconciliations.SetStatus(key, err) + dset, err := makeDaemonSet( + p, + c.config, + cg, + tlsAssets) + if err != nil { + return fmt.Errorf("making daemonset failed: %w", err) + } - return err -} + if !exists { + logger.Debug("no current daemonset found") + logger.Debug("creating daemonset") + if _, err := dsetClient.Create(ctx, dset, metav1.CreateOptions{}); err != nil { + return fmt.Errorf("creating daemonset failed: %w", err) + } -func (c *Operator) sync(ctx context.Context, key string) error { - pobj, err := c.promInfs.Get(key) + logger.Info("daemonset successfully created") + return nil + } - if apierrors.IsNotFound(err) { - c.reconciliations.ForgetObject(key) - // Dependent resources are cleaned up by K8s via OwnerReferences + err = k8sutil.UpdateDaemonSet(ctx, dsetClient, dset) + sErr, ok := err.(*apierrors.StatusError) + + if ok && sErr.ErrStatus.Code == 422 && sErr.ErrStatus.Reason == metav1.StatusReasonInvalid { + // Gather only reason for failed update + failMsg := make([]string, len(sErr.ErrStatus.Details.Causes)) + for i, cause := range sErr.ErrStatus.Details.Causes { + failMsg[i] = cause.Message + } + + logger.Info("recreating DaemonSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) + + propagationPolicy := metav1.DeletePropagationForeground + if err := dsetClient.Delete(ctx, dset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { + return fmt.Errorf("failed to delete DaemonSet to avoid forbidden action: %w", err) + } return nil } + if err != nil { - return err + return fmt.Errorf("updating DaemonSet failed: %w", err) } - p := pobj.(*monitoringv1alpha1.PrometheusAgent) - p = p.DeepCopy() + return nil +} + +func (c *Operator) syncStatefulSet(ctx context.Context, key string, p *monitoringv1alpha1.PrometheusAgent) error { if err := k8sutil.AddTypeInformationToObject(p); err != nil { return fmt.Errorf("failed to set Prometheus type information: %w", err) } - logger := log.With(c.logger, "key", key) + logger := c.logger.With("key", key) // Check if the Agent instance is marked for deletion. if c.rr.DeletionInProgress(p) { @@ -576,17 +681,21 @@ func (c *Operator) sync(ctx context.Context, key string) error { } if p.Spec.Paused { - level.Info(logger).Log("msg", "the resource is paused, not reconciling") + logger.Info("the resource is paused, not reconciling") return nil } - level.Info(logger).Log("msg", "sync prometheus") + logger.Info("sync prometheus") if err := operator.CheckStorageClass(ctx, c.canReadStorageClass, c.kclient, p.Spec.Storage); err != nil { return err } - cg, err := prompkg.NewConfigGenerator(c.logger, p, c.endpointSliceSupported) + opts := []prompkg.ConfigGeneratorOption{} + if c.endpointSliceSupported { + opts = append(opts, prompkg.WithEndpointSliceSupport()) + } + cg, err := prompkg.NewConfigGenerator(c.logger, p, opts...) if err != nil { return err } @@ -607,7 +716,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { // Create governing service if it doesn't exist. svcClient := c.kclient.CoreV1().Services(p.Namespace) - if err := k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(p, c.config)); err != nil { + if _, err := k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(p, c.config)); err != nil { return fmt.Errorf("synchronizing governing service failed: %w", err) } @@ -616,8 +725,8 @@ func (c *Operator) sync(ctx context.Context, key string) error { // Ensure we have a StatefulSet running Prometheus Agent deployed and that StatefulSet names are created correctly. expected := prompkg.ExpectedStatefulSetShardNames(p) for shard, ssetName := range expected { - logger := log.With(logger, "statefulset", ssetName, "shard", fmt.Sprintf("%d", shard)) - level.Debug(logger).Log("msg", "reconciling statefulset") + logger := logger.With("statefulset", ssetName, "shard", fmt.Sprintf("%d", shard)) + logger.Debug("reconciling statefulset") obj, err := c.ssetInfs.Get(prompkg.KeyToStatefulSetKey(p, key, shard)) exists := !apierrors.IsNotFound(err) @@ -648,7 +757,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { sset, err := makeStatefulSet( ssetName, p, - &c.config, + c.config, cg, newSSetInputHash, int32(shard), @@ -659,23 +768,22 @@ func (c *Operator) sync(ctx context.Context, key string) error { operator.SanitizeSTS(sset) if !exists { - level.Debug(logger).Log("msg", "no current statefulset found") - level.Debug(logger).Log("msg", "creating statefulset") + logger.Debug("no current statefulset found") + logger.Debug("creating statefulset") if _, err := ssetClient.Create(ctx, sset, metav1.CreateOptions{}); err != nil { return fmt.Errorf("creating statefulset failed: %w", err) } continue } - if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[prompkg.SSetInputHashName] { - level.Debug(logger).Log("msg", "new statefulset generation inputs match current, skipping any actions") + if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName] { + logger.Debug("new statefulset generation inputs match current, skipping any actions") continue } - level.Debug(logger).Log( - "msg", "updating current statefulset because of hash divergence", + logger.Debug("updating current statefulset because of hash divergence", "new_hash", newSSetInputHash, - "existing_hash", existingStatefulSet.ObjectMeta.Annotations[prompkg.SSetInputHashName], + "existing_hash", existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName], ) err = k8sutil.UpdateStatefulSet(ctx, ssetClient, sset) @@ -690,7 +798,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { failMsg[i] = cause.Message } - level.Info(logger).Log("msg", "recreating StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) + logger.Info("recreating StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) propagationPolicy := metav1.DeletePropagationForeground if err := ssetClient.Delete(ctx, sset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { @@ -722,9 +830,8 @@ func (c *Operator) sync(ctx context.Context, key string) error { return } - propagationPolicy := metav1.DeletePropagationForeground - if err := ssetClient.Delete(ctx, s.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { - level.Error(c.logger).Log("err", err, "name", s.GetName(), "namespace", s.GetNamespace()) + if err := ssetClient.Delete(ctx, s.GetName(), metav1.DeleteOptions{PropagationPolicy: ptr.To(metav1.DeletePropagationForeground)}); err != nil { + c.logger.Error("failed to delete StatefulSet object", "err", err, "name", s.GetName(), "namespace", s.GetNamespace()) } }) if err != nil { @@ -735,7 +842,10 @@ func (c *Operator) sync(ctx context.Context, key string) error { } func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *monitoringv1alpha1.PrometheusAgent, cg *prompkg.ConfigGenerator, store *assets.StoreBuilder) error { - resourceSelector := prompkg.NewResourceSelector(c.logger, p, store, c.nsMonInf, c.metrics, c.eventRecorder) + resourceSelector, err := prompkg.NewResourceSelector(c.logger, p, store, c.nsMonInf, c.metrics, c.eventRecorder) + if err != nil { + return err + } smons, err := resourceSelector.SelectServiceMonitors(ctx, c.smonInfs.ListAllByNamespace) if err != nil { @@ -797,7 +907,7 @@ func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *mon return fmt.Errorf("creating compressed secret failed: %w", err) } - level.Debug(c.logger).Log("msg", "updating Prometheus configuration secret") + c.logger.Debug("updating Prometheus configuration secret") return k8sutil.CreateOrUpdateSecret(ctx, sClient, s) } @@ -868,7 +978,7 @@ func (c *Operator) UpdateStatus(ctx context.Context, key string) error { p.Status.Shards = ptr.Deref(p.Spec.Shards, 1) if _, err = c.mclient.MonitoringV1alpha1().PrometheusAgents(p.Namespace).ApplyStatus(ctx, prompkg.ApplyConfigurationFromPrometheusAgent(p, true), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { - level.Info(c.logger).Log("msg", "failed to apply prometheus status subresource, trying again without scale fields", "err", err) + c.logger.Info("failed to apply prometheus status subresource, trying again without scale fields", "err", err) // Try again, but this time does not update scale subresource. if _, err = c.mclient.MonitoringV1alpha1().PrometheusAgents(p.Namespace).ApplyStatus(ctx, prompkg.ApplyConfigurationFromPrometheusAgent(p, false), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { return fmt.Errorf("failed to Apply prometheus agent status subresource: %w", err) @@ -921,16 +1031,14 @@ func (c *Operator) enqueueForMonitorNamespace(nsName string) { func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { nsObject, exists, err := store.GetByKey(nsName) if err != nil { - level.Error(c.logger).Log( - "msg", "get namespace to enqueue Prometheus instances failed", + c.logger.Error( + "get namespace to enqueue Prometheus instances failed", "err", err, ) return } if !exists { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("get namespace to enqueue Prometheus instances failed: namespace %q does not exist", nsName), - ) + c.logger.Error(fmt.Sprintf("get namespace to enqueue Prometheus instances failed: namespace %q does not exist", nsName)) return } ns := nsObject.(*v1.Namespace) @@ -947,8 +1055,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // the namespace. smNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ServiceMonitorNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ServiceMonitorNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ServiceMonitorNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -962,8 +1070,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // Check for Prometheus instances selecting PodMonitors in the NS. pmNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.PodMonitorNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert PodMonitorNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert PodMonitorNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -977,8 +1085,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // Check for Prometheus instances selecting Probes in the NS. bmNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ProbeNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ProbeNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ProbeNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -991,23 +1099,20 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // Check for Prometheus instances selecting Probes in the NS. ScrapeConfigNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ScrapeConfigNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ScrapeConfigNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ScrapeConfigNamespaceSelector of %q to selector", p.Name), "err", err, ) return } - level.Info(c.logger).Log("msg", "we are gonna check if it Matches") - if ScrapeConfigNSSelector.Matches(labels.Set(ns.Labels)) { c.rr.EnqueueForReconciliation(p) return } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Prometheus instances from cache failed", + c.logger.Error("listing all Prometheus instances from cache failed", "err", err, ) } @@ -1018,7 +1123,7 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { old := oldo.(*v1.Namespace) cur := curo.(*v1.Namespace) - level.Debug(c.logger).Log("msg", "update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) + c.logger.Debug("update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) // Periodic resync may resend the Namespace without changes // in-between. @@ -1026,7 +1131,7 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { return } - level.Debug(c.logger).Log("msg", "Monitor namespace updated", "namespace", cur.GetName()) + c.logger.Debug("Monitor namespace updated", "namespace", cur.GetName()) c.metrics.TriggerByCounter("Namespace", operator.UpdateEvent).Inc() // Check for Prometheus Agent instances selecting ServiceMonitors, PodMonitors, @@ -1042,7 +1147,8 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { sync, err := k8sutil.LabelSelectionHasChanged(old.Labels, cur.Labels, selector) if err != nil { - level.Error(c.logger).Log( + c.logger.Error( + "failed to detect label selection change", "err", err, "name", p.Name, "namespace", p.Namespace, @@ -1058,8 +1164,7 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Prometheus Agent instances from cache failed", + c.logger.Error("listing all Prometheus Agent instances from cache failed", "err", err, ) } @@ -1083,3 +1188,8 @@ func makeSelectorLabels(name string) map[string]string { prompkg.PrometheusNameLabelName: name, } } + +func keyToDaemonSetKey(p monitoringv1.PrometheusInterface, key string) string { + keyParts := strings.Split(key, "/") + return fmt.Sprintf("%s/%s", keyParts[0], fmt.Sprintf("%s-%s", prompkg.Prefix(p), keyParts[1])) +} diff --git a/pkg/prometheus/agent/statefulset.go b/pkg/prometheus/agent/statefulset.go index 5c742526b18..c3a11837a92 100644 --- a/pkg/prometheus/agent/statefulset.go +++ b/pkg/prometheus/agent/statefulset.go @@ -16,9 +16,7 @@ package prometheusagent import ( "fmt" - "strings" - "golang.org/x/exp/slices" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,8 +37,8 @@ const ( func makeStatefulSet( name string, - p monitoringv1.PrometheusInterface, - config *prompkg.Config, + p *monitoringv1alpha1.PrometheusAgent, + config prompkg.Config, cg *prompkg.ConfigGenerator, inputHash string, shard int32, @@ -63,23 +61,13 @@ func makeStatefulSet( return nil, fmt.Errorf("make StatefulSet spec: %w", err) } - annotations := map[string]string{ - prompkg.SSetInputHashName: inputHash, - } - - // do not transfer kubectl annotations to the statefulset so it is not - // pruned by kubectl - for key, value := range objMeta.GetAnnotations() { - if key != prompkg.SSetInputHashName && !strings.HasPrefix(key, "kubectl.kubernetes.io/") { - annotations[key] = value - } - } statefulset := &appsv1.StatefulSet{Spec: *spec} operator.UpdateObject( statefulset, operator.WithName(name), - operator.WithAnnotations(annotations), + operator.WithInputHashAnnotation(inputHash), + operator.WithAnnotations(objMeta.GetAnnotations()), operator.WithAnnotations(config.Annotations), operator.WithLabels(objMeta.GetLabels()), operator.WithLabels(map[string]string{ @@ -89,36 +77,40 @@ func makeStatefulSet( }), operator.WithLabels(config.Labels), operator.WithManagingOwner(p), + operator.WithoutKubectlAnnotations(), ) - if cpf.ImagePullSecrets != nil && len(cpf.ImagePullSecrets) > 0 { + if len(cpf.ImagePullSecrets) > 0 { statefulset.Spec.Template.Spec.ImagePullSecrets = cpf.ImagePullSecrets } + storageSpec := cpf.Storage - if storageSpec == nil { + switch { + case storageSpec == nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ EmptyDir: &v1.EmptyDirVolumeSource{}, }, }) - } else if storageSpec.EmptyDir != nil { - emptyDir := storageSpec.EmptyDir + + case storageSpec.EmptyDir != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ - EmptyDir: emptyDir, + EmptyDir: storageSpec.EmptyDir, }, }) - } else if storageSpec.Ephemeral != nil { - ephemeral := storageSpec.Ephemeral + + case storageSpec.Ephemeral != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ - Ephemeral: ephemeral, + Ephemeral: storageSpec.Ephemeral, }, }) - } else { + + default: // storageSpec.VolumeClaimTemplate pvcTemplate := operator.MakeVolumeClaimTemplate(storageSpec.VolumeClaimTemplate) if pvcTemplate.Name == "" { pvcTemplate.Name = prompkg.VolumeName(p) @@ -139,16 +131,12 @@ func makeStatefulSet( statefulset.Spec.PersistentVolumeClaimRetentionPolicy = cpf.PersistentVolumeClaimRetentionPolicy } - if cpf.HostNetwork { - statefulset.Spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet - } - return statefulset, nil } func makeStatefulSetSpec( - p monitoringv1.PrometheusInterface, - c *prompkg.Config, + p *monitoringv1alpha1.PrometheusAgent, + c prompkg.Config, cg *prompkg.ConfigGenerator, shard int32, tlsSecrets *operator.ShardedSecret, @@ -158,18 +146,15 @@ func makeStatefulSetSpec( pImagePath, err := operator.BuildImagePathForAgent( ptr.Deref(cpf.Image, ""), c.PrometheusDefaultBaseImage, - operator.StringValOrDefault(cpf.Version, operator.DefaultPrometheusVersion), + "v"+cg.Version().String(), ) if err != nil { return nil, err } - if !slices.Contains(cpf.EnableFeatures, "agent") { - cpf.EnableFeatures = append(cpf.EnableFeatures, "agent") - } - promArgs := buildAgentArgs(cpf, cg) + promArgs := buildAgentArgs(cg, cpf.WALCompression) - volumes, promVolumeMounts, err := prompkg.BuildCommonVolumes(p, tlsSecrets) + volumes, promVolumeMounts, err := prompkg.BuildCommonVolumes(p, tlsSecrets, true) if err != nil { return nil, err } @@ -203,9 +188,9 @@ func makeStatefulSetSpec( webConfigGenerator.Warn("web.config.file") } - startupProbe, readinessProbe, livenessProbe := prompkg.MakeProbes(cpf, webConfigGenerator) + startupProbe, readinessProbe, livenessProbe := cg.BuildProbes() - podAnnotations, podLabels := prompkg.BuildPodMetadata(cpf, cg) + podAnnotations, podLabels := cg.BuildPodMetadata() // In cases where an existing selector label is modified, or a new one is added, new sts cannot match existing pods. // We should try to avoid removing such immutable fields whenever possible since doing // so forces us to enter the 'recreate cycle' and can potentially lead to downtime. @@ -246,7 +231,6 @@ func makeStatefulSetSpec( } containerArgs, err := operator.BuildArgs(promArgs, cpf.AdditionalArgs) - if err != nil { return nil, err } @@ -288,6 +272,30 @@ func makeStatefulSetSpec( return nil, fmt.Errorf("failed to merge containers spec: %w", err) } + spec := v1.PodSpec{ + ShareProcessNamespace: prompkg.ShareProcessNamespace(p), + Containers: containers, + InitContainers: initContainers, + SecurityContext: cpf.SecurityContext, + ServiceAccountName: cpf.ServiceAccountName, + AutomountServiceAccountToken: ptr.To(ptr.Deref(cpf.AutomountServiceAccountToken, true)), + NodeSelector: cpf.NodeSelector, + PriorityClassName: cpf.PriorityClassName, + TerminationGracePeriodSeconds: ptr.To(int64(600)), + Volumes: volumes, + Tolerations: cpf.Tolerations, + Affinity: cpf.Affinity, + TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), + HostAliases: operator.MakeHostAliases(cpf.HostAliases), + HostNetwork: cpf.HostNetwork, + } + + if cpf.HostNetwork { + spec.DNSPolicy = v1.DNSClusterFirstWithHostNet + } + k8sutil.UpdateDNSPolicy(&spec, cpf.DNSPolicy) + k8sutil.UpdateDNSConfig(&spec, cpf.DNSConfig) + // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations return &appsv1.StatefulSetSpec{ @@ -306,25 +314,7 @@ func makeStatefulSetSpec( Labels: finalLabels, Annotations: podAnnotations, }, - Spec: v1.PodSpec{ - ShareProcessNamespace: prompkg.ShareProcessNamespace(p), - Containers: containers, - InitContainers: initContainers, - SecurityContext: cpf.SecurityContext, - ServiceAccountName: cpf.ServiceAccountName, - AutomountServiceAccountToken: ptr.To(ptr.Deref(cpf.AutomountServiceAccountToken, true)), - NodeSelector: cpf.NodeSelector, - PriorityClassName: cpf.PriorityClassName, - // Prometheus may take quite long to shut down to checkpoint existing data. - // Allow up to 10 minutes for clean termination. - TerminationGracePeriodSeconds: ptr.To(int64(600)), - Volumes: volumes, - Tolerations: cpf.Tolerations, - Affinity: cpf.Affinity, - TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), - HostAliases: operator.MakeHostAliases(cpf.HostAliases), - HostNetwork: cpf.HostNetwork, - }, + Spec: spec, }, }, nil } @@ -364,11 +354,16 @@ func makeStatefulSetService(p *monitoringv1alpha1.PrometheusAgent, config prompk return svc } -// appendAgentArgs appends arguments that are only valid for the Prometheus agent. -func appendAgentArgs( - promArgs []monitoringv1.Argument, - cg *prompkg.ConfigGenerator, - walCompression *bool) []monitoringv1.Argument { +// buildAgentArgs returns the CLI arguments that are only valid for the Prometheus agent. +func buildAgentArgs(cg *prompkg.ConfigGenerator, walCompression *bool) []monitoringv1.Argument { + promArgs := cg.BuildCommonPrometheusArgs() + + switch cg.Version().Major { + case 2: + promArgs = append(promArgs, monitoringv1.Argument{Name: "enable-feature", Value: "agent"}) + case 3: + promArgs = append(promArgs, monitoringv1.Argument{Name: "agent"}) + } promArgs = append(promArgs, monitoringv1.Argument{Name: "storage.agent.path", Value: prompkg.StorageDir}, @@ -381,5 +376,6 @@ func appendAgentArgs( } promArgs = cg.AppendCommandlineArgument(promArgs, arg) } + return promArgs } diff --git a/pkg/prometheus/agent/statefulset_test.go b/pkg/prometheus/agent/statefulset_test.go index 8e912801ee2..17a3c004a81 100644 --- a/pkg/prometheus/agent/statefulset_test.go +++ b/pkg/prometheus/agent/statefulset_test.go @@ -88,6 +88,39 @@ func TestWALCompression(t *testing.T) { } } +func TestPrometheusAgentCommandLineFlag(t *testing.T) { + tests := []struct { + version string + expectedArg string + shouldContain bool + }{ + {"v3.0.0", "--agent", true}, + {"v3.0.0-beta.0", "--agent", true}, + {"v2.53.0", "--agent", false}, + } + + for _, test := range tests { + sset, err := makeStatefulSetFromPrometheus(monitoringv1alpha1.PrometheusAgent{ + Spec: monitoringv1alpha1.PrometheusAgentSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: test.version, + }, + }, + }) + require.NoError(t, err) + + promArgs := sset.Spec.Template.Spec.Containers[0].Args + found := false + for _, flag := range promArgs { + if flag == test.expectedArg { + found = true + break + } + } + require.Equal(t, test.shouldContain, found) + } +} + func TestStartupProbeTimeoutSeconds(t *testing.T) { testcases := createTestCasesForTestStartupProbeTimeoutSeconds() @@ -104,7 +137,7 @@ func TestStartupProbeTimeoutSeconds(t *testing.T) { func makeStatefulSetFromPrometheus(p monitoringv1alpha1.PrometheusAgent) (*appsv1.StatefulSet, error) { logger := prompkg.NewLogger() - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) if err != nil { return nil, err } @@ -186,3 +219,48 @@ func TestAutomountServiceAccountToken(t *testing.T) { }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + // Monitoring DNS settings + monitoringDNSPolicy := v1.DNSClusterFirst + monitoringDNSConfig := &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + } + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(monitoringDNSPolicy)) + + // Create the PrometheusAgent object with DNS settings + prometheusAgent := monitoringv1alpha1.PrometheusAgent{ + Spec: monitoringv1alpha1.PrometheusAgentSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: monitoringDNSConfig, + }, + }, + } + + // Generate the StatefulSet + sset, err := makeStatefulSetFromPrometheus(prometheusAgent) + require.NoError(t, err) + + // Validate the DNS Policy + require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match") + + // Validate the DNS Config + require.NotNil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNS config to be set") + require.Equal(t, monitoringDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers, "expected nameservers to match") + require.Equal(t, monitoringDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches, "expected searches to match") + + require.Equal(t, len(monitoringDNSConfig.Options), len(sset.Spec.Template.Spec.DNSConfig.Options), "expected options length to match") + for i, option := range monitoringDNSConfig.Options { + k8sOption := sset.Spec.Template.Spec.DNSConfig.Options[i] + require.Equal(t, option.Name, k8sOption.Name, "expected option names to match") + require.Equal(t, option.Value, k8sOption.Value, "expected option values to match") + } +} diff --git a/pkg/prometheus/agent/test_utils.go b/pkg/prometheus/agent/test_utils.go index 648b421f3e1..519e63d3e50 100644 --- a/pkg/prometheus/agent/test_utils.go +++ b/pkg/prometheus/agent/test_utils.go @@ -29,7 +29,7 @@ import ( ) var ( - defaultTestConfig = &prompkg.Config{ + defaultTestConfig = prompkg.Config{ LocalHost: "localhost", ReloaderConfig: operator.DefaultReloaderTestConfig.ReloaderConfig, PrometheusDefaultBaseImage: operator.DefaultPrometheusBaseImage, diff --git a/pkg/prometheus/common.go b/pkg/prometheus/common.go index caa2ed97700..3ca36fabf21 100644 --- a/pkg/prometheus/common.go +++ b/pkg/prometheus/common.go @@ -17,15 +17,12 @@ package prometheus import ( "bytes" "fmt" - "math" "net/url" "path" "path/filepath" - "strings" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -48,7 +45,6 @@ const ( configmapsDir = "/etc/prometheus/configmaps/" ConfigFilename = "prometheus.yaml.gz" ConfigEnvsubstFilename = "prometheus.env.yaml" - SSetInputHashName = "prometheus-operator-input-hash" DefaultPortName = "web" DefaultQueryLogDirectory = "/var/log/prometheus" ) @@ -101,7 +97,7 @@ func ReplicasNumberPtr( } func prometheusNameByShard(p monitoringv1.PrometheusInterface, shard int32) string { - base := prefixedName(p) + base := PrefixedName(p) if shard == 0 { return base } @@ -141,26 +137,26 @@ func MakeConfigurationSecret(p monitoringv1.PrometheusInterface, config Config, } func ConfigSecretName(p monitoringv1.PrometheusInterface) string { - return prefixedName(p) + return PrefixedName(p) } func TLSAssetsSecretName(p monitoringv1.PrometheusInterface) string { - return fmt.Sprintf("%s-tls-assets", prefixedName(p)) + return fmt.Sprintf("%s-tls-assets", PrefixedName(p)) } func WebConfigSecretName(p monitoringv1.PrometheusInterface) string { - return fmt.Sprintf("%s-web-config", prefixedName(p)) + return fmt.Sprintf("%s-web-config", PrefixedName(p)) } func VolumeName(p monitoringv1.PrometheusInterface) string { - return fmt.Sprintf("%s-db", prefixedName(p)) + return fmt.Sprintf("%s-db", PrefixedName(p)) } -func prefixedName(p monitoringv1.PrometheusInterface) string { - return fmt.Sprintf("%s-%s", prefix(p), p.GetObjectMeta().GetName()) +func PrefixedName(p monitoringv1.PrometheusInterface) string { + return fmt.Sprintf("%s-%s", Prefix(p), p.GetObjectMeta().GetName()) } -func prefix(p monitoringv1.PrometheusInterface) string { +func Prefix(p monitoringv1.PrometheusInterface) string { switch p.(type) { case *monitoringv1.Prometheus: return "prometheus" @@ -196,63 +192,8 @@ func queryLogFilePath(queryLogFile string) string { return filepath.Join(DefaultQueryLogDirectory, queryLogFile) } -// BuildCommonPrometheusArgs builds a slice of arguments that are common between Prometheus Server and Agent. -func BuildCommonPrometheusArgs(cpf monitoringv1.CommonPrometheusFields, cg *ConfigGenerator) []monitoringv1.Argument { - promArgs := []monitoringv1.Argument{ - {Name: "web.console.templates", Value: "/etc/prometheus/consoles"}, - {Name: "web.console.libraries", Value: "/etc/prometheus/console_libraries"}, - {Name: "config.file", Value: path.Join(ConfOutDir, ConfigEnvsubstFilename)}, - } - - if ptr.Deref(cpf.ReloadStrategy, monitoringv1.HTTPReloadStrategyType) == monitoringv1.HTTPReloadStrategyType { - promArgs = append(promArgs, monitoringv1.Argument{Name: "web.enable-lifecycle"}) - } - - if cpf.Web != nil { - if cpf.Web.PageTitle != nil { - promArgs = cg.WithMinimumVersion("2.6.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "web.page-title", Value: *cpf.Web.PageTitle}) - } - - if cpf.Web.MaxConnections != nil { - promArgs = append(promArgs, monitoringv1.Argument{Name: "web.max-connections", Value: fmt.Sprintf("%d", *cpf.Web.MaxConnections)}) - } - } - - if cpf.EnableRemoteWriteReceiver { - promArgs = cg.WithMinimumVersion("2.33.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "web.enable-remote-write-receiver"}) - } - - if len(cpf.EnableFeatures) > 0 { - efs := make([]string, len(cpf.EnableFeatures)) - for i := range cpf.EnableFeatures { - efs[i] = string(cpf.EnableFeatures[i]) - } - promArgs = cg.WithMinimumVersion("2.25.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "enable-feature", Value: strings.Join(efs, ",")}) - } - - if cpf.ExternalURL != "" { - promArgs = append(promArgs, monitoringv1.Argument{Name: "web.external-url", Value: cpf.ExternalURL}) - } - - promArgs = append(promArgs, monitoringv1.Argument{Name: "web.route-prefix", Value: cpf.WebRoutePrefix()}) - - if cpf.LogLevel != "" && cpf.LogLevel != "info" { - promArgs = append(promArgs, monitoringv1.Argument{Name: "log.level", Value: cpf.LogLevel}) - } - - if cpf.LogFormat != "" && cpf.LogFormat != "logfmt" { - promArgs = cg.WithMinimumVersion("2.6.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "log.format", Value: cpf.LogFormat}) - } - - if cpf.ListenLocal { - promArgs = append(promArgs, monitoringv1.Argument{Name: "web.listen-address", Value: "127.0.0.1:9090"}) - } - - return promArgs -} - -// BuildCommonVolumes returns a set of volumes to be mounted on statefulset spec that are common between Prometheus Server and Agent. -func BuildCommonVolumes(p monitoringv1.PrometheusInterface, tlsSecrets *operator.ShardedSecret) ([]v1.Volume, []v1.VolumeMount, error) { +// BuildCommonVolumes returns a set of volumes to be mounted on the spec that are common between Prometheus Server and Agent. +func BuildCommonVolumes(p monitoringv1.PrometheusInterface, tlsSecrets *operator.ShardedSecret, statefulSet bool) ([]v1.Volume, []v1.VolumeMount, error) { cpf := p.GetCommonPrometheusFields() volumes := []v1.Volume{ @@ -276,8 +217,6 @@ func BuildCommonVolumes(p monitoringv1.PrometheusInterface, tlsSecrets *operator }, } - volName := VolumeClaimName(p, cpf) - promVolumeMounts := []v1.VolumeMount{ { Name: "config-out", @@ -289,11 +228,15 @@ func BuildCommonVolumes(p monitoringv1.PrometheusInterface, tlsSecrets *operator ReadOnly: true, MountPath: tlsAssetsDir, }, - { - Name: volName, + } + + // Only StatefulSet needs this. + if statefulSet { + promVolumeMounts = append(promVolumeMounts, v1.VolumeMount{ + Name: VolumeClaimName(p, cpf), MountPath: StorageDir, SubPath: SubPathForStorage(cpf.Storage), - }, + }) } promVolumeMounts = append(promVolumeMounts, cpf.VolumeMounts...) @@ -358,53 +301,9 @@ func VolumeClaimName(p monitoringv1.PrometheusInterface, cpf monitoringv1.Common return volName } -func ProbeHandler(probePath string, cpf monitoringv1.CommonPrometheusFields, webConfigGenerator *ConfigGenerator) v1.ProbeHandler { - probePath = path.Clean(cpf.WebRoutePrefix() + probePath) - handler := v1.ProbeHandler{} - if cpf.ListenLocal { - probeURL := url.URL{ - Scheme: "http", - Host: "localhost:9090", - Path: probePath, - } - handler.Exec = operator.ExecAction(probeURL.String()) - - return handler - } - - handler.HTTPGet = &v1.HTTPGetAction{ - Path: probePath, - Port: intstr.FromString(cpf.PortName), - } - if cpf.Web != nil && cpf.Web.TLSConfig != nil && webConfigGenerator.IsCompatible() { - handler.HTTPGet.Scheme = v1.URISchemeHTTPS - } - return handler -} - -func BuildPodMetadata(cpf monitoringv1.CommonPrometheusFields, cg *ConfigGenerator) (map[string]string, map[string]string) { - podAnnotations := map[string]string{ - "kubectl.kubernetes.io/default-container": "prometheus", - } - podLabels := map[string]string{ - "app.kubernetes.io/version": cg.version.String(), - } - - if cpf.PodMetadata != nil { - for k, v := range cpf.PodMetadata.Labels { - podLabels[k] = v - } - for k, v := range cpf.PodMetadata.Annotations { - podAnnotations[k] = v - } - } - - return podAnnotations, podLabels -} - func BuildConfigReloader( p monitoringv1.PrometheusInterface, - c *Config, + c Config, initContainer bool, mounts []v1.VolumeMount, watchedDirectories []string, @@ -497,20 +396,6 @@ func MakeK8sTopologySpreadConstraint(selectorLabels map[string]string, tscs []mo return coreTscs } -func GetStatupProbePeriodSecondsAndFailureThreshold(cfp monitoringv1.CommonPrometheusFields) (int32, int32) { - var startupPeriodSeconds float64 = 15 - var startupFailureThreshold float64 = 60 - - maximumStartupDurationSeconds := float64(ptr.Deref(cfp.MaximumStartupDurationSeconds, 0)) - - if maximumStartupDurationSeconds >= 60 { - startupFailureThreshold = math.Ceil(maximumStartupDurationSeconds / 60) - startupPeriodSeconds = math.Ceil(maximumStartupDurationSeconds / startupFailureThreshold) - } - - return int32(startupPeriodSeconds), int32(startupFailureThreshold) -} - func MakeContainerPorts(cpf monitoringv1.CommonPrometheusFields) []v1.ContainerPort { if cpf.ListenLocal { return nil @@ -554,41 +439,3 @@ func BuildWebconfig( return webConfig.GetMountParameters() } - -// The /-/ready handler returns OK only after the TSDB initialization has -// completed. The WAL replay can take a significant time for large setups -// hence we enable the startup probe with a generous failure threshold (15 -// minutes) to ensure that the readiness probe only comes into effect once -// Prometheus is effectively ready. -// We don't want to use the /-/healthy handler here because it returns OK as -// soon as the web server is started (irrespective of the WAL replay). -func MakeProbes( - cpf monitoringv1.CommonPrometheusFields, - webConfigGenerator *ConfigGenerator, -) (*v1.Probe, *v1.Probe, *v1.Probe) { - readyProbeHandler := ProbeHandler("/-/ready", cpf, webConfigGenerator) - startupPeriodSeconds, startupFailureThreshold := GetStatupProbePeriodSecondsAndFailureThreshold(cpf) - - startupProbe := &v1.Probe{ - ProbeHandler: readyProbeHandler, - TimeoutSeconds: ProbeTimeoutSeconds, - PeriodSeconds: startupPeriodSeconds, - FailureThreshold: startupFailureThreshold, - } - - readinessProbe := &v1.Probe{ - ProbeHandler: readyProbeHandler, - TimeoutSeconds: ProbeTimeoutSeconds, - PeriodSeconds: 5, - FailureThreshold: 3, - } - - livenessProbe := &v1.Probe{ - ProbeHandler: ProbeHandler("/-/healthy", cpf, webConfigGenerator), - TimeoutSeconds: ProbeTimeoutSeconds, - PeriodSeconds: 5, - FailureThreshold: 6, - } - - return startupProbe, readinessProbe, livenessProbe -} diff --git a/pkg/prometheus/common_test.go b/pkg/prometheus/common_test.go index d7a776cbb9a..f21936e4872 100644 --- a/pkg/prometheus/common_test.go +++ b/pkg/prometheus/common_test.go @@ -18,6 +18,7 @@ import ( "testing" "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -87,12 +88,74 @@ func TestStartupProbeTimeoutSeconds(t *testing.T) { } for _, test := range tests { - startupPeriodSeconds, startupFailureThreshold := GetStatupProbePeriodSecondsAndFailureThreshold(monitoringv1.CommonPrometheusFields{ - MaximumStartupDurationSeconds: test.maximumStartupDurationSeconds, - }) + startupPeriodSeconds, startupFailureThreshold := getStatupProbePeriodSecondsAndFailureThreshold(test.maximumStartupDurationSeconds) require.Equal(t, test.expectedStartupPeriodSeconds, startupPeriodSeconds) require.Equal(t, test.expectedStartupFailureThreshold, startupFailureThreshold) require.Equal(t, test.expectedMaxStartupDuration, startupPeriodSeconds*startupFailureThreshold) } } + +func TestBuildCommonPrometheusArgsWithRemoteWriteMessageV2(t *testing.T) { + for _, tc := range []struct { + version string + messageVersion *monitoringv1.RemoteWriteMessageVersion + + expectedPresent bool + }{ + { + version: "v2.53.0", + }, + { + version: "v2.53.0", + messageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + }, + { + version: "v2.54.0", + }, + { + version: "v2.54.0", + messageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion1_0), + }, + { + version: "v2.54.0", + messageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + expectedPresent: true, + }, + } { + t.Run("", func(t *testing.T) { + p := &monitoringv1.Prometheus{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test", + }, + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: tc.version, + RemoteWrite: []monitoringv1.RemoteWriteSpec{ + { + URL: "http://example.com", + MessageVersion: tc.messageVersion, + }, + }, + }, + }, + } + + cg, err := NewConfigGenerator(NewLogger(), p) + require.NoError(t, err) + + args := cg.BuildCommonPrometheusArgs() + + var found bool + for _, arg := range args { + if arg.Name == "enable-feature" && arg.Value == "metadata-wal-records" { + found = true + break + } + } + + require.Equal(t, tc.expectedPresent, found) + }) + } +} diff --git a/pkg/prometheus/operator.go b/pkg/prometheus/operator.go index 82feb79906c..239e04049e9 100644 --- a/pkg/prometheus/operator.go +++ b/pkg/prometheus/operator.go @@ -60,9 +60,9 @@ func KeyToStatefulSetKey(p monitoringv1.PrometheusInterface, key string, shard i func statefulSetNameFromPrometheusName(p monitoringv1.PrometheusInterface, name string, shard int) string { if shard == 0 { - return fmt.Sprintf("%s-%s", prefix(p), name) + return fmt.Sprintf("%s-%s", Prefix(p), name) } - return fmt.Sprintf("%s-%s-shard-%d", prefix(p), name, shard) + return fmt.Sprintf("%s-%s-shard-%d", Prefix(p), name, shard) } func NewTLSAssetSecret(p monitoringv1.PrometheusInterface, config Config) *v1.Secret { @@ -82,7 +82,7 @@ func NewTLSAssetSecret(p monitoringv1.PrometheusInterface, config Config) *v1.Se return s } -// ValidateRemoteWriteSpec checks that mutually exclusive configurations are not +// validateRemoteWriteSpec checks that mutually exclusive configurations are not // included in the Prometheus remoteWrite configuration section, while also validating // the RemoteWriteSpec child fields. // Reference: @@ -99,6 +99,7 @@ func ValidateRemoteWriteSpec(spec monitoringv1.RemoteWriteSpec) error { if reflect.ValueOf(v).IsNil() { continue } + nonNilFields = append(nonNilFields, fmt.Sprintf("%q", k)) } @@ -131,7 +132,120 @@ func ValidateRemoteWriteSpec(spec monitoringv1.RemoteWriteSpec) error { } } - return nil + return spec.ProxyConfig.Validate() +} + +// Process will determine the Status of a Prometheus resource (server or agent) depending on its current state in the cluster. +func (sr *StatusReporter) Process(ctx context.Context, p monitoringv1.PrometheusInterface, key string) (*monitoringv1.PrometheusStatus, error) { + + commonFields := p.GetCommonPrometheusFields() + pStatus := monitoringv1.PrometheusStatus{ + Paused: commonFields.Paused, + } + + var ( + availableStatus monitoringv1.ConditionStatus = monitoringv1.ConditionTrue + availableReason string + availableCondition = monitoringv1.Condition{ + Type: monitoringv1.Available, + LastTransitionTime: metav1.Time{ + Time: time.Now().UTC(), + }, + ObservedGeneration: p.GetObjectMeta().GetGeneration(), + } + messages []string + replicas = 1 + ) + + if commonFields.Replicas != nil { + replicas = int(*commonFields.Replicas) + } + + for shard := range ExpectedStatefulSetShardNames(p) { + ssetName := KeyToStatefulSetKey(p, key, shard) + + obj, err := sr.SsetInfs.Get(ssetName) + if err != nil { + if apierrors.IsNotFound(err) { + // Statefulset hasn't been created or is already deleted. + availableStatus = monitoringv1.ConditionFalse + availableReason = "StatefulSetNotFound" + messages = append(messages, fmt.Sprintf("shard %d: statefulset %s not found", shard, ssetName)) + pStatus.ShardStatuses = append( + pStatus.ShardStatuses, + monitoringv1.ShardStatus{ + ShardID: strconv.Itoa(shard), + }) + + continue + } + + return nil, fmt.Errorf("failed to retrieve statefulset: %w", err) + } + + sset := obj.(*appsv1.StatefulSet).DeepCopy() + if sr.Rr.DeletionInProgress(sset) { + continue + } + + stsReporter, err := operator.NewStatefulSetReporter(ctx, sr.Kclient, sset) + if err != nil { + return nil, fmt.Errorf("failed to retrieve statefulset state: %w", err) + } + + pStatus.Replicas += int32(len(stsReporter.Pods)) + pStatus.UpdatedReplicas += int32(len(stsReporter.UpdatedPods())) + pStatus.AvailableReplicas += int32(len(stsReporter.ReadyPods())) + pStatus.UnavailableReplicas += int32(len(stsReporter.Pods) - len(stsReporter.ReadyPods())) + + pStatus.ShardStatuses = append( + pStatus.ShardStatuses, + monitoringv1.ShardStatus{ + ShardID: strconv.Itoa(shard), + Replicas: int32(len(stsReporter.Pods)), + UpdatedReplicas: int32(len(stsReporter.UpdatedPods())), + AvailableReplicas: int32(len(stsReporter.ReadyPods())), + UnavailableReplicas: int32(len(stsReporter.Pods) - len(stsReporter.ReadyPods())), + }, + ) + + if len(stsReporter.ReadyPods()) >= replicas { + // All pods are ready (or the desired number of replicas is zero). + continue + } + + switch { + case len(stsReporter.ReadyPods()) == 0: + availableReason = "NoPodReady" + availableStatus = monitoringv1.ConditionFalse + case availableCondition.Status != monitoringv1.ConditionFalse: + availableReason = "SomePodsNotReady" + availableStatus = monitoringv1.ConditionDegraded + } + + for _, p := range stsReporter.Pods { + if m := p.Message(); m != "" { + messages = append(messages, fmt.Sprintf("shard %d: pod %s: %s", shard, p.Name, m)) + } + } + } + + pStatus.Conditions = operator.UpdateConditions( + pStatus.Conditions, + monitoringv1.Condition{ + Type: monitoringv1.Available, + Status: availableStatus, + Reason: availableReason, + Message: strings.Join(messages, "\n"), + LastTransitionTime: metav1.Time{ + Time: time.Now().UTC(), + }, + ObservedGeneration: p.GetObjectMeta().GetGeneration(), + }, + sr.Reconciliations.GetCondition(key, p.GetObjectMeta().GetGeneration()), + ) + + return &pStatus, nil } // Process will determine the Status of a Prometheus resource (server or agent) depending on its current state in the cluster. diff --git a/pkg/prometheus/operator_test.go b/pkg/prometheus/operator_test.go index 8ea65bdc991..9556bb470a4 100644 --- a/pkg/prometheus/operator_test.go +++ b/pkg/prometheus/operator_test.go @@ -17,6 +17,7 @@ package prometheus import ( "testing" + "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" "k8s.io/utils/ptr" @@ -47,9 +48,7 @@ func TestKeyToStatefulSetKey(t *testing.T) { for _, c := range cases { got := KeyToStatefulSetKey(c.p, c.name, c.shard) - if c.expected != got { - t.Fatalf("Expected key %q got %q", c.expected, got) - } + require.Equal(t, c.expected, got, "Expected key %q got %q", c.expected, got) } } @@ -196,13 +195,12 @@ func TestValidateRemoteWriteConfig(t *testing.T) { for _, c := range cases { test := c t.Run(test.name, func(t *testing.T) { - err := ValidateRemoteWriteSpec(test.spec) - if err != nil && !test.expectErr { - t.Fatalf("unexpected error occurred: %v", err) - } - if err == nil && test.expectErr { - t.Fatalf("expected an error, got nil") + err := validateRemoteWriteSpec(test.spec) + if test.expectErr { + require.Error(t, err) + return } + require.NoError(t, err) }) } } diff --git a/pkg/prometheus/promcfg.go b/pkg/prometheus/promcfg.go index 1906f6397aa..2e5513fb777 100644 --- a/pkg/prometheus/promcfg.go +++ b/pkg/prometheus/promcfg.go @@ -15,23 +15,28 @@ package prometheus import ( - "context" + "cmp" "fmt" + "log/slog" + "math" + "net/url" + "os" "path" "reflect" "regexp" - "sort" + "slices" "strings" "github.com/alecthomas/units" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/common/model" "gopkg.in/yaml.v2" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" + "github.com/prometheus-operator/prometheus-operator/internal/util" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" "github.com/prometheus-operator/prometheus-operator/pkg/assets" @@ -58,19 +63,44 @@ func sanitizeLabelName(name string) string { // ConfigGenerator knows how to generate a Prometheus configuration which is // compatible with a given Prometheus version. type ConfigGenerator struct { - logger log.Logger + logger *slog.Logger version semver.Version notCompatible bool prom monitoringv1.PrometheusInterface - endpointSliceSupported bool + useEndpointSlice bool // Whether to use EndpointSlice for service discovery from `ServiceMonitor` objects. scrapeClasses map[string]monitoringv1.ScrapeClass defaultScrapeClassName string + daemonSet bool +} + +type ConfigGeneratorOption func(*ConfigGenerator) + +func WithEndpointSliceSupport() ConfigGeneratorOption { + return func(cg *ConfigGenerator) { + cpf := cg.prom.GetCommonPrometheusFields() + cg.useEndpointSlice = ptr.Deref(cpf.ServiceDiscoveryRole, monitoringv1.EndpointsRole) == monitoringv1.EndpointSliceRole + } +} + +func WithDaemonSet() ConfigGeneratorOption { + return func(cg *ConfigGenerator) { + cg.daemonSet = true + } } // NewConfigGenerator creates a ConfigGenerator for the provided Prometheus resource. -func NewConfigGenerator(logger log.Logger, p monitoringv1.PrometheusInterface, endpointSliceSupported bool) (*ConfigGenerator, error) { +func NewConfigGenerator( + logger *slog.Logger, + p monitoringv1.PrometheusInterface, + opts ...ConfigGeneratorOption, +) (*ConfigGenerator, error) { if logger == nil { - logger = log.NewNopLogger() + logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) } cpf := p.GetCommonPrometheusFields() @@ -81,68 +111,94 @@ func NewConfigGenerator(logger log.Logger, p monitoringv1.PrometheusInterface, e return nil, fmt.Errorf("failed to parse Prometheus version: %w", err) } - if version.Major != 2 { - return nil, fmt.Errorf("unsupported Prometheus major version %s: %w", version, err) + if version.Major != 2 && version.Major != 3 { + return nil, fmt.Errorf("unsupported Prometheus version %q", promVersion) } - logger = log.WithSuffix(logger, "version", promVersion) + logger = logger.With("version", promVersion) scrapeClasses, defaultScrapeClassName, err := getScrapeClassConfig(p) if err != nil { return nil, fmt.Errorf("failed to parse scrape classes: %w", err) } - return &ConfigGenerator{ + cg := &ConfigGenerator{ logger: logger, version: version, prom: p, - endpointSliceSupported: endpointSliceSupported, scrapeClasses: scrapeClasses, defaultScrapeClassName: defaultScrapeClassName, - }, nil + } + + for _, opt := range opts { + opt(cg) + } + + return cg, nil } -func getScrapeClassConfig(p monitoringv1.PrometheusInterface) (map[string]monitoringv1.ScrapeClass, string, error) { - cpf := p.GetCommonPrometheusFields() +func (cg *ConfigGenerator) endpointRoleFlavor() string { + role := kubernetesSDRoleEndpoint + if cg.version.GTE(semver.MustParse("2.21.0")) && cg.useEndpointSlice { + role = kubernetesSDRoleEndpointSlice + } + + return role +} +func getScrapeClassConfig(p monitoringv1.PrometheusInterface) (map[string]monitoringv1.ScrapeClass, string, error) { var ( + cpf = p.GetCommonPrometheusFields() scrapeClasses = make(map[string]monitoringv1.ScrapeClass, len(cpf.ScrapeClasses)) defaultScrapeClass string ) + for _, scrapeClass := range cpf.ScrapeClasses { - scrapeClasses[scrapeClass.Name] = scrapeClass - // Validate all scrape class relabelings are correct. - if err := ValidateRelabelConfigs(p, scrapeClass.Relabelings); err != nil { + lcv, err := NewLabelConfigValidator(p) + if err != nil { + return nil, "", err + } + + if err := lcv.Validate(scrapeClass.Relabelings); err != nil { return nil, "", fmt.Errorf("invalid relabelings for scrapeClass %s: %w", scrapeClass.Name, err) } - if err := ValidateRelabelConfigs(p, scrapeClass.MetricRelabelings); err != nil { + + if err := lcv.Validate(scrapeClass.MetricRelabelings); err != nil { return nil, "", fmt.Errorf("invalid metric relabelings for scrapeClass %s: %w", scrapeClass.Name, err) } if ptr.Deref(scrapeClass.Default, false) { - if defaultScrapeClass == "" { - defaultScrapeClass = scrapeClass.Name - continue + if defaultScrapeClass != "" { + return nil, "", fmt.Errorf("multiple default scrape classes defined") } - return nil, "", fmt.Errorf("multiple default scrape classes defined") + + defaultScrapeClass = scrapeClass.Name } + + scrapeClasses[scrapeClass.Name] = scrapeClass } return scrapeClasses, defaultScrapeClass, nil } +// Version returns the currently configured Prometheus version. +func (cg *ConfigGenerator) Version() semver.Version { + return cg.version +} + // WithKeyVals returns a new ConfigGenerator with the same characteristics as // the current object, expect that the keyvals are appended to the existing // logger. func (cg *ConfigGenerator) WithKeyVals(keyvals ...interface{}) *ConfigGenerator { return &ConfigGenerator{ - logger: log.WithSuffix(cg.logger, keyvals...), + logger: cg.logger.With(keyvals...), version: cg.version, notCompatible: cg.notCompatible, prom: cg.prom, - endpointSliceSupported: cg.endpointSliceSupported, + useEndpointSlice: cg.useEndpointSlice, scrapeClasses: cg.scrapeClasses, defaultScrapeClassName: cg.defaultScrapeClassName, + daemonSet: cg.daemonSet, } } @@ -155,13 +211,14 @@ func (cg *ConfigGenerator) WithMinimumVersion(version string) *ConfigGenerator { if cg.version.LT(minVersion) { return &ConfigGenerator{ - logger: log.WithSuffix(cg.logger, "minimum_version", version), + logger: cg.logger.With("minimum_version", version), version: cg.version, notCompatible: true, prom: cg.prom, - endpointSliceSupported: cg.endpointSliceSupported, + useEndpointSlice: cg.useEndpointSlice, scrapeClasses: cg.scrapeClasses, defaultScrapeClassName: cg.defaultScrapeClassName, + daemonSet: cg.daemonSet, } } @@ -177,13 +234,14 @@ func (cg *ConfigGenerator) WithMaximumVersion(version string) *ConfigGenerator { if cg.version.GTE(minVersion) { return &ConfigGenerator{ - logger: log.WithSuffix(cg.logger, "maximum_version", version), + logger: cg.logger.With("maximum_version", version), version: cg.version, notCompatible: true, prom: cg.prom, - endpointSliceSupported: cg.endpointSliceSupported, + useEndpointSlice: cg.useEndpointSlice, scrapeClasses: cg.scrapeClasses, defaultScrapeClassName: cg.defaultScrapeClassName, + daemonSet: cg.daemonSet, } } @@ -205,7 +263,7 @@ func (cg *ConfigGenerator) AppendMapItem(m yaml.MapSlice, k string, v interface{ // the updated slice. func (cg *ConfigGenerator) AppendCommandlineArgument(m []monitoringv1.Argument, argument monitoringv1.Argument) []monitoringv1.Argument { if cg.notCompatible { - level.Warn(cg.logger).Log("msg", fmt.Sprintf("ignoring command line argument %q not supported by Prometheus", argument.Name)) + cg.logger.Warn(fmt.Sprintf("ignoring command line argument %q=%q not supported by Prometheus", argument.Name, argument.Value)) return m } @@ -219,7 +277,7 @@ func (cg *ConfigGenerator) IsCompatible() bool { // Warn logs a warning. func (cg *ConfigGenerator) Warn(field string) { - level.Warn(cg.logger).Log("msg", fmt.Sprintf("ignoring %q not supported by Prometheus", field)) + cg.logger.Warn(fmt.Sprintf("ignoring %q not supported by Prometheus", field)) } type limitKey struct { @@ -327,76 +385,157 @@ func (cg *ConfigGenerator) AddHonorLabels(cfg yaml.MapSlice, honorLabels bool) y return cg.AppendMapItem(cfg, "honor_labels", honorLabels) } -func (cg *ConfigGenerator) EndpointSliceSupported() bool { - return cg.version.GTE(semver.MustParse("2.21.0")) && cg.endpointSliceSupported +// addNativeHistogramConfig adds the native histogram field into scrape configurations. +func (cg *ConfigGenerator) addNativeHistogramConfig(cfg yaml.MapSlice, nhc monitoringv1.NativeHistogramConfig) yaml.MapSlice { + if reflect.ValueOf(nhc).IsZero() { + return cfg + } + + if nhc.NativeHistogramBucketLimit != nil { + cfg = cg.WithMinimumVersion("2.45.0").AppendMapItem(cfg, "native_histogram_bucket_limit", nhc.NativeHistogramBucketLimit) + } + + if nhc.NativeHistogramMinBucketFactor != nil { + cfg = cg.WithMinimumVersion("2.50.0").AppendMapItem(cfg, "native_histogram_min_bucket_factor", nhc.NativeHistogramMinBucketFactor.AsApproximateFloat64()) + } + + if nhc.ScrapeClassicHistograms != nil { + cfg = cg.WithMinimumVersion("2.45.0").AppendMapItem(cfg, "scrape_classic_histograms", nhc.ScrapeClassicHistograms) + } + + return cfg } // stringMapToMapSlice returns a yaml.MapSlice from a string map to ensure that // the output is deterministic. func stringMapToMapSlice[V any](m map[string]V) yaml.MapSlice { res := yaml.MapSlice{} - ks := make([]string, 0, len(m)) - - for k := range m { - ks = append(ks, k) - } - sort.Strings(ks) - for _, k := range ks { + for _, k := range util.SortedKeys(m) { res = append(res, yaml.MapItem{Key: k, Value: m[k]}) } return res } -func addSafeTLStoYaml(cfg yaml.MapSlice, namespace string, tls monitoringv1.SafeTLSConfig) yaml.MapSlice { - tlsConfig := yaml.MapSlice{} +func mergeSafeTLSConfigWithScrapeClass(tlsConfig *monitoringv1.SafeTLSConfig, scrapeClass monitoringv1.ScrapeClass) *monitoringv1.TLSConfig { + if tlsConfig == nil || reflect.ValueOf(*tlsConfig).IsZero() { + return mergeTLSConfigWithScrapeClass(nil, scrapeClass) + } - if tls.InsecureSkipVerify != nil { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "insecure_skip_verify", Value: *tls.InsecureSkipVerify}) + return mergeTLSConfigWithScrapeClass(&monitoringv1.TLSConfig{SafeTLSConfig: *tlsConfig}, scrapeClass) +} + +func mergeTLSConfigWithScrapeClass(tlsConfig *monitoringv1.TLSConfig, scrapeClass monitoringv1.ScrapeClass) *monitoringv1.TLSConfig { + if tlsConfig == nil { + return scrapeClass.TLSConfig } - if tls.CA.Secret != nil || tls.CA.ConfigMap != nil { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: path.Join(tlsAssetsDir, assets.TLSAsset(namespace, tls.CA))}) + if scrapeClass.TLSConfig == nil { + return tlsConfig } - if tls.Cert.Secret != nil || tls.Cert.ConfigMap != nil { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: path.Join(tlsAssetsDir, assets.TLSAsset(namespace, tls.Cert))}) + if tlsConfig.CAFile == "" && tlsConfig.SafeTLSConfig.CA == (monitoringv1.SecretOrConfigMap{}) { + tlsConfig.CAFile = scrapeClass.TLSConfig.CAFile } - if tls.KeySecret != nil { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: path.Join(tlsAssetsDir, assets.TLSAsset(namespace, tls.KeySecret))}) + if tlsConfig.CertFile == "" && tlsConfig.SafeTLSConfig.Cert == (monitoringv1.SecretOrConfigMap{}) { + tlsConfig.CertFile = scrapeClass.TLSConfig.CertFile } - if ptr.Deref(tls.ServerName, "") != "" { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "server_name", Value: *tls.ServerName}) + if tlsConfig.KeyFile == "" && tlsConfig.SafeTLSConfig.KeySecret == nil { + tlsConfig.KeyFile = scrapeClass.TLSConfig.KeyFile } - return append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig}) + return tlsConfig } -func addTLStoYaml(cfg yaml.MapSlice, namespace string, tls *monitoringv1.TLSConfig) yaml.MapSlice { - if tls == nil { +func mergeAttachMetadataWithScrapeClass(attachMetadata *monitoringv1.AttachMetadata, scrapeClass monitoringv1.ScrapeClass, minimumVersion string) *attachMetadataConfig { + if attachMetadata == nil { + attachMetadata = scrapeClass.AttachMetadata + } + + if attachMetadata == nil { + return nil + } + + return &attachMetadataConfig{ + MinimumVersion: minimumVersion, + attachMetadata: attachMetadata, + } +} + +func (cg *ConfigGenerator) addBasicAuthToYaml( + cfg yaml.MapSlice, + store assets.StoreGetter, + basicAuth *monitoringv1.BasicAuth, +) yaml.MapSlice { + if basicAuth == nil { return cfg } - tlsConfig := addSafeTLStoYaml(yaml.MapSlice{}, namespace, tls.SafeTLSConfig)[0].Value.(yaml.MapSlice) + username, err := store.GetSecretKey(basicAuth.Username) + if err != nil { + cg.logger.Error("invalid username reference", "err", err) + } - if tls.CAFile != "" { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: tls.CAFile}) + password, err := store.GetSecretKey(basicAuth.Password) + if err != nil { + cg.logger.Error("invalid password reference", "err", err) } - if tls.CertFile != "" { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: tls.CertFile}) + auth := yaml.MapSlice{ + yaml.MapItem{Key: "username", Value: string(username)}, + yaml.MapItem{Key: "password", Value: string(password)}, } - if tls.KeyFile != "" { - tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: tls.KeyFile}) + return cg.AppendMapItem(cfg, "basic_auth", auth) +} + +func (cg *ConfigGenerator) addSigv4ToYaml(cfg yaml.MapSlice, + assetStoreKey string, + store assets.StoreGetter, + sigv4 *monitoringv1.Sigv4, +) yaml.MapSlice { + if sigv4 == nil { + return cfg } - cfg = append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig}) + sigv4Cfg := yaml.MapSlice{} + if sigv4.Region != "" { + sigv4Cfg = append(sigv4Cfg, yaml.MapItem{Key: "region", Value: sigv4.Region}) + } - return cfg + if sigv4.AccessKey != nil && sigv4.SecretKey != nil { + var ak, sk []byte + + ak, err := store.GetSecretKey(*sigv4.AccessKey) + if err != nil { + cg.logger.Error("invalid SigV4 access key reference", "err", err) + } + + sk, err = store.GetSecretKey(*sigv4.SecretKey) + if err != nil { + cg.logger.Error("invalid SigV4 secret key reference", "err", err) + } + + if len(ak) > 0 && len(sk) > 0 { + sigv4Cfg = append(sigv4Cfg, + yaml.MapItem{Key: "access_key", Value: string(ak)}, + yaml.MapItem{Key: "secret_key", Value: string(sk)}, + ) + } + } + + if sigv4.Profile != "" { + sigv4Cfg = append(sigv4Cfg, yaml.MapItem{Key: "profile", Value: sigv4.Profile}) + } + + if sigv4.RoleArn != "" { + sigv4Cfg = append(sigv4Cfg, yaml.MapItem{Key: "role_arn", Value: sigv4.RoleArn}) + } + + return cg.WithKeyVals("component", strings.Split(assetStoreKey, "/")[0]).AppendMapItem(cfg, "sigv4", sigv4Cfg) } func mergeSafeTLSConfigWithScrapeClass(tlsConfig *monitoringv1.SafeTLSConfig, scrapeClass monitoringv1.ScrapeClass) *monitoringv1.TLSConfig { @@ -522,7 +661,7 @@ func (cg *ConfigGenerator) addSafeAuthorizationToYaml( if auth.Credentials != nil { b, err := store.GetSecretKey(*auth.Credentials) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid credentials ref: %s", err)) + cg.logger.Error("invalid credentials reference", "err", err) } else { authCfg = append(authCfg, yaml.MapItem{Key: "credentials", Value: string(b)}) } @@ -578,7 +717,7 @@ func (cg *ConfigGenerator) buildExternalLabels() yaml.MapSlice { for k, v := range cpf.ExternalLabels { if _, found := m[k]; found { - level.Warn(cg.logger).Log("msg", "ignoring external label because it is a reserved key", "key", k) + cg.logger.Warn("ignoring external label because it is a reserved key", "key", k) continue } m[k] = v @@ -596,12 +735,12 @@ func (cg *ConfigGenerator) addProxyConfigtoYaml( return cfg } - var cgProxyConfig = cg.WithMinimumVersion("2.43.0") - if proxyConfig.ProxyURL != nil { - cfg = cgProxyConfig.AppendMapItem(cfg, "proxy_url", *proxyConfig.ProxyURL) + cfg = cg.AppendMapItem(cfg, "proxy_url", *proxyConfig.ProxyURL) } + cgProxyConfig := cg.WithMinimumVersion("2.43.0") + if proxyConfig.NoProxy != nil { cfg = cgProxyConfig.AppendMapItem(cfg, "no_proxy", *proxyConfig.NoProxy) } @@ -627,6 +766,75 @@ func (cg *ConfigGenerator) addProxyConfigtoYaml( return cfg } +func (cg *ConfigGenerator) addSafeTLStoYaml( + cfg yaml.MapSlice, + store assets.StoreGetter, + safetls *monitoringv1.SafeTLSConfig, +) yaml.MapSlice { + + if safetls == nil { + return cfg + } + + safetlsConfig := yaml.MapSlice{} + + if safetls.InsecureSkipVerify != nil { + safetlsConfig = append(safetlsConfig, yaml.MapItem{Key: "insecure_skip_verify", Value: *safetls.InsecureSkipVerify}) + } + + if safetls.CA.Secret != nil || safetls.CA.ConfigMap != nil { + safetlsConfig = append(safetlsConfig, yaml.MapItem{Key: "ca_file", Value: path.Join(tlsAssetsDir, store.TLSAsset(safetls.CA))}) + } + + if safetls.Cert.Secret != nil || safetls.Cert.ConfigMap != nil { + safetlsConfig = append(safetlsConfig, yaml.MapItem{Key: "cert_file", Value: path.Join(tlsAssetsDir, store.TLSAsset(safetls.Cert))}) + } + + if safetls.KeySecret != nil { + safetlsConfig = append(safetlsConfig, yaml.MapItem{Key: "key_file", Value: path.Join(tlsAssetsDir, store.TLSAsset(safetls.KeySecret))}) + } + + if ptr.Deref(safetls.ServerName, "") != "" { + safetlsConfig = append(safetlsConfig, yaml.MapItem{Key: "server_name", Value: *safetls.ServerName}) + } + + if safetls.MinVersion != nil { + safetlsConfig = cg.WithMinimumVersion("2.35.0").AppendMapItem(safetlsConfig, "min_version", *safetls.MinVersion) + } + + if safetls.MaxVersion != nil { + safetlsConfig = cg.WithMinimumVersion("2.41.0").AppendMapItem(safetlsConfig, "max_version", *safetls.MaxVersion) + } + + return cg.AppendMapItem(cfg, "tls_config", safetlsConfig) +} + +func (cg *ConfigGenerator) addTLStoYaml( + cfg yaml.MapSlice, + store assets.StoreGetter, + tls *monitoringv1.TLSConfig, +) yaml.MapSlice { + if tls == nil { + return cfg + } + + tlsConfig := cg.addSafeTLStoYaml(yaml.MapSlice{}, store, &tls.SafeTLSConfig)[0].Value.(yaml.MapSlice) + + if tls.CAFile != "" { + tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: tls.CAFile}) + } + + if tls.CertFile != "" { + tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: tls.CertFile}) + } + + if tls.KeyFile != "" { + tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: tls.KeyFile}) + } + + return cg.AppendMapItem(cfg, "tls_config", tlsConfig) +} + // CompareScrapeTimeoutToScrapeInterval validates value of scrapeTimeout based on scrapeInterval. func CompareScrapeTimeoutToScrapeInterval(scrapeTimeout, scrapeInterval monitoringv1.Duration) error { var si, st model.Duration @@ -649,13 +857,7 @@ func CompareScrapeTimeoutToScrapeInterval(scrapeTimeout, scrapeInterval monitori // GenerateServerConfiguration creates a serialized YAML representation of a Prometheus Server configuration using the provided resources. func (cg *ConfigGenerator) GenerateServerConfiguration( - evaluationInterval monitoringv1.Duration, - queryLogFile string, - ruleSelector *metav1.LabelSelector, - exemplars *monitoringv1.Exemplars, - tsdb monitoringv1.TSDBSpec, - alerting *monitoringv1.AlertingSpec, - remoteRead []monitoringv1.RemoteReadSpec, + p *monitoringv1.Prometheus, sMons map[string]*monitoringv1.ServiceMonitor, pMons map[string]*monitoringv1.PodMonitor, probes map[string]*monitoringv1.Probe, @@ -678,16 +880,19 @@ func (cg *ConfigGenerator) GenerateServerConfiguration( // Global config cfg := yaml.MapSlice{} globalItems := yaml.MapSlice{} - globalItems = cg.appendEvaluationInterval(globalItems, evaluationInterval) + globalItems = cg.appendEvaluationInterval(globalItems, p.Spec.EvaluationInterval) globalItems = cg.appendScrapeIntervals(globalItems) globalItems = cg.appendScrapeProtocols(globalItems) + globalItems = cg.appendRuleQueryOffset(globalItems, p.Spec.RuleQueryOffset) globalItems = cg.appendExternalLabels(globalItems) - globalItems = cg.appendQueryLogFile(globalItems, queryLogFile) + globalItems = cg.appendQueryLogFile(globalItems, p.Spec.QueryLogFile) globalItems = cg.appendScrapeLimits(globalItems) cfg = append(cfg, yaml.MapItem{Key: "global", Value: globalItems}) + // Runtime config + cfg = cg.appendRuntime(cfg, p.Spec.Runtime) // Rule Files config - cfg = cg.appendRuleFiles(cfg, ruleConfigMapNames, ruleSelector) + cfg = cg.appendRuleFiles(cfg, ruleConfigMapNames, p.Spec.RuleSelector) // Scrape config var ( @@ -714,44 +919,48 @@ func (cg *ConfigGenerator) GenerateServerConfiguration( }) // Storage config - cfg, err = cg.appendStorageSettingsConfig(cfg, exemplars, tsdb) + cfg, err = cg.appendStorageSettingsConfig(cfg, p.Spec.Exemplars) if err != nil { return nil, fmt.Errorf("generating storage_settings configuration failed: %w", err) } + s := store.ForNamespace(cg.prom.GetObjectMeta().GetNamespace()) + // Alerting config - cfg, err = cg.appendAlertingConfig(cfg, alerting, additionalAlertRelabelConfigs, additionalAlertManagerConfigs, store) + cfg, err = cg.appendAlertingConfig(cfg, p.Spec.Alerting, additionalAlertRelabelConfigs, additionalAlertManagerConfigs, s) if err != nil { return nil, fmt.Errorf("generating alerting configuration failed: %w", err) } // Remote write config if len(cpf.RemoteWrite) > 0 { - cfg = append(cfg, cg.generateRemoteWriteConfig(store)) + cfg = append(cfg, cg.generateRemoteWriteConfig(s)) } // Remote read config - if len(remoteRead) > 0 { - cfg = append(cfg, cg.generateRemoteReadConfig(remoteRead, store)) + if len(p.Spec.RemoteRead) > 0 { + cfg = append(cfg, cg.generateRemoteReadConfig(p.Spec.RemoteRead, s)) } - if cpf.TracingConfig != nil { - tracingcfg, err := cg.generateTracingConfig() - - if err != nil { - return nil, fmt.Errorf("generating tracing configuration failed: %w", err) - } + // OTLP config + cfg, err = cg.appendOTLPConfig(cfg) + if err != nil { + return nil, fmt.Errorf("failed to generate OTLP configuration: %w", err) + } - cfg = append(cfg, tracingcfg) + cfg, err = cg.appendTracingConfig(cfg, s) + if err != nil { + return nil, fmt.Errorf("failed to generate tracing configuration: %w", err) } return yaml.Marshal(cfg) } -func (cg *ConfigGenerator) appendStorageSettingsConfig(cfg yaml.MapSlice, exemplars *monitoringv1.Exemplars, tsdb monitoringv1.TSDBSpec) (yaml.MapSlice, error) { +func (cg *ConfigGenerator) appendStorageSettingsConfig(cfg yaml.MapSlice, exemplars *monitoringv1.Exemplars) (yaml.MapSlice, error) { var ( storage yaml.MapSlice cgStorage = cg.WithMinimumVersion("2.29.0") + tsdb = cg.prom.GetCommonPrometheusFields().TSDB ) if exemplars != nil && exemplars.MaxSize != nil { @@ -763,11 +972,11 @@ func (cg *ConfigGenerator) appendStorageSettingsConfig(cfg yaml.MapSlice, exempl }) } - if tsdb.OutOfOrderTimeWindow != "" { + if tsdb != nil && tsdb.OutOfOrderTimeWindow != nil { storage = cg.WithMinimumVersion("2.39.0").AppendMapItem(storage, "tsdb", yaml.MapSlice{ { Key: "out_of_order_time_window", - Value: tsdb.OutOfOrderTimeWindow, + Value: *tsdb.OutOfOrderTimeWindow, }, }) } @@ -784,7 +993,7 @@ func (cg *ConfigGenerator) appendAlertingConfig( alerting *monitoringv1.AlertingSpec, additionalAlertRelabelConfigs []byte, additionalAlertmanagerConfigs []byte, - store *assets.StoreBuilder, + store assets.StoreGetter, ) (yaml.MapSlice, error) { if alerting == nil && additionalAlertRelabelConfigs == nil && additionalAlertmanagerConfigs == nil { return cfg, nil @@ -846,6 +1055,187 @@ func initRelabelings() []yaml.MapSlice { } } +// BuildCommonPrometheusArgs builds a slice of arguments that are common between Prometheus Server and Agent. +func (cg *ConfigGenerator) BuildCommonPrometheusArgs() []monitoringv1.Argument { + cpf := cg.prom.GetCommonPrometheusFields() + promArgs := []monitoringv1.Argument{ + {Name: "web.console.templates", Value: "/etc/prometheus/consoles"}, + {Name: "web.console.libraries", Value: "/etc/prometheus/console_libraries"}, + {Name: "config.file", Value: path.Join(ConfOutDir, ConfigEnvsubstFilename)}, + } + + if ptr.Deref(cpf.ReloadStrategy, monitoringv1.HTTPReloadStrategyType) == monitoringv1.HTTPReloadStrategyType { + promArgs = append(promArgs, monitoringv1.Argument{Name: "web.enable-lifecycle"}) + } + + if cpf.Web != nil { + if cpf.Web.PageTitle != nil { + promArgs = cg.WithMinimumVersion("2.6.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "web.page-title", Value: *cpf.Web.PageTitle}) + } + + if cpf.Web.MaxConnections != nil { + promArgs = append(promArgs, monitoringv1.Argument{Name: "web.max-connections", Value: fmt.Sprintf("%d", *cpf.Web.MaxConnections)}) + } + } + + if cpf.EnableRemoteWriteReceiver { + promArgs = cg.WithMinimumVersion("2.33.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "web.enable-remote-write-receiver"}) + if len(cpf.RemoteWriteReceiverMessageVersions) > 0 { + versions := make([]string, 0, len(cpf.RemoteWriteReceiverMessageVersions)) + for _, v := range cpf.RemoteWriteReceiverMessageVersions { + versions = append(versions, toProtobufMessageVersion(v)) + } + promArgs = cg.WithMinimumVersion("2.54.0").AppendCommandlineArgument( + promArgs, + monitoringv1.Argument{ + Name: "web.remote-write-receiver.accepted-protobuf-messages", + Value: strings.Join(versions, ","), + }, + ) + } + } + + for _, rw := range cpf.RemoteWrite { + if ptr.Deref(rw.MessageVersion, monitoringv1.RemoteWriteMessageVersion1_0) == monitoringv1.RemoteWriteMessageVersion2_0 { + promArgs = cg.WithMinimumVersion("2.54.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "enable-feature", Value: "metadata-wal-records"}) + } + } + + if len(cpf.EnableFeatures) > 0 { + efs := make([]string, len(cpf.EnableFeatures)) + for i := range cpf.EnableFeatures { + efs[i] = string(cpf.EnableFeatures[i]) + } + promArgs = cg.WithMinimumVersion("2.25.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "enable-feature", Value: strings.Join(efs, ",")}) + } + + if cpf.ExternalURL != "" { + promArgs = append(promArgs, monitoringv1.Argument{Name: "web.external-url", Value: cpf.ExternalURL}) + } + + promArgs = append(promArgs, monitoringv1.Argument{Name: "web.route-prefix", Value: cpf.WebRoutePrefix()}) + + if cpf.LogLevel != "" && cpf.LogLevel != "info" { + promArgs = append(promArgs, monitoringv1.Argument{Name: "log.level", Value: cpf.LogLevel}) + } + + if cpf.LogFormat != "" && cpf.LogFormat != "logfmt" { + promArgs = cg.WithMinimumVersion("2.6.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "log.format", Value: cpf.LogFormat}) + } + + if cpf.ListenLocal { + promArgs = append(promArgs, monitoringv1.Argument{Name: "web.listen-address", Value: "127.0.0.1:9090"}) + } + + return promArgs +} + +func (cg *ConfigGenerator) BuildPodMetadata() (map[string]string, map[string]string) { + podAnnotations := map[string]string{ + "kubectl.kubernetes.io/default-container": "prometheus", + } + + podLabels := map[string]string{ + "app.kubernetes.io/version": cg.version.String(), + } + + podMetadata := cg.prom.GetCommonPrometheusFields().PodMetadata + if podMetadata != nil { + for k, v := range podMetadata.Labels { + podLabels[k] = v + } + + for k, v := range podMetadata.Annotations { + podAnnotations[k] = v + } + } + + return podAnnotations, podLabels +} + +// BuildProbes returns a tuple of 3 probe definitions: +// 1. startup probe +// 2. readiness probe +// 3. liveness probe +// +// The /-/ready handler returns OK only after the TSDB initialization has +// completed. The WAL replay can take a significant time for large setups +// hence we enable the startup probe with a generous failure threshold (15 +// minutes) to ensure that the readiness probe only comes into effect once +// Prometheus is effectively ready. +// We don't want to use the /-/healthy handler here because it returns OK as +// soon as the web server is started (irrespective of the WAL replay). +func (cg *ConfigGenerator) BuildProbes() (*v1.Probe, *v1.Probe, *v1.Probe) { + readyProbeHandler := cg.buildProbeHandler("/-/ready") + startupPeriodSeconds, startupFailureThreshold := getStatupProbePeriodSecondsAndFailureThreshold(cg.prom.GetCommonPrometheusFields().MaximumStartupDurationSeconds) + + startupProbe := &v1.Probe{ + ProbeHandler: readyProbeHandler, + TimeoutSeconds: ProbeTimeoutSeconds, + PeriodSeconds: startupPeriodSeconds, + FailureThreshold: startupFailureThreshold, + } + + readinessProbe := &v1.Probe{ + ProbeHandler: readyProbeHandler, + TimeoutSeconds: ProbeTimeoutSeconds, + PeriodSeconds: 5, + FailureThreshold: 3, + } + + livenessProbe := &v1.Probe{ + ProbeHandler: cg.buildProbeHandler("/-/healthy"), + TimeoutSeconds: ProbeTimeoutSeconds, + PeriodSeconds: 5, + FailureThreshold: 6, + } + + return startupProbe, readinessProbe, livenessProbe +} + +func (cg *ConfigGenerator) buildProbeHandler(probePath string) v1.ProbeHandler { + cpf := cg.prom.GetCommonPrometheusFields() + + probePath = path.Clean(cpf.WebRoutePrefix() + probePath) + handler := v1.ProbeHandler{} + if cpf.ListenLocal { + probeURL := url.URL{ + Scheme: "http", + Host: "localhost:9090", + Path: probePath, + } + handler.Exec = operator.ExecAction(probeURL.String()) + + return handler + } + + handler.HTTPGet = &v1.HTTPGetAction{ + Path: probePath, + Port: intstr.FromString(cpf.PortName), + } + if cpf.Web != nil && cpf.Web.TLSConfig != nil && cg.IsCompatible() { + handler.HTTPGet.Scheme = v1.URISchemeHTTPS + } + + return handler +} + +func getStatupProbePeriodSecondsAndFailureThreshold(maxStartupDurationSeconds *int32) (int32, int32) { + var ( + startupPeriodSeconds float64 = 15 + startupFailureThreshold float64 = 60 + ) + + maximumStartupDurationSeconds := float64(ptr.Deref(maxStartupDurationSeconds, 0)) + + if maximumStartupDurationSeconds >= 60 { + startupFailureThreshold = math.Ceil(maximumStartupDurationSeconds / 60) + startupPeriodSeconds = math.Ceil(maximumStartupDurationSeconds / startupFailureThreshold) + } + + return int32(startupPeriodSeconds), int32(startupFailureThreshold) +} + func (cg *ConfigGenerator) generatePodMonitorConfig( m *monitoringv1.PodMonitor, ep monitoringv1.PodMetricsEndpoint, @@ -865,13 +1255,7 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( cfg = cg.AddHonorTimestamps(cfg, ep.HonorTimestamps) cfg = cg.AddTrackTimestampsStaleness(cfg, ep.TrackTimestampsStaleness) - var attachMetaConfig *attachMetadataConfig - if m.Spec.AttachMetadata != nil { - attachMetaConfig = &attachMetadataConfig{ - MinimumVersion: "2.35.0", - AttachMetadata: m.Spec.AttachMetadata, - } - } + attachMetaConfig := mergeAttachMetadataWithScrapeClass(m.Spec.AttachMetadata, scrapeClass, "2.35.0") s := store.ForNamespace(m.Namespace) @@ -902,15 +1286,15 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( cfg = cg.WithMinimumVersion("2.35.0").AppendMapItem(cfg, "enable_http2", *ep.EnableHttp2) } - cfg = addTLStoYaml(cfg, m.Namespace, mergeSafeTLSConfigWithScrapeClass(ep.TLSConfig, scrapeClass)) + cfg = cg.addTLStoYaml(cfg, s, mergeSafeTLSConfigWithScrapeClass(ep.TLSConfig, scrapeClass)) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if ep.BearerTokenSecret.Name != "" { - level.Debug(cg.logger).Log("msg", "'bearerTokenSecret' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenSecret' is deprecated, use 'authorization' instead.") b, err := s.GetSecretKey(ep.BearerTokenSecret) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid bearer token secret ref: %s", err)) + cg.logger.Error("invalid bearer token secret reference", "err", err) } else { cfg = append(cfg, yaml.MapItem{Key: "bearer_token", Value: string(b)}) } @@ -927,15 +1311,9 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( relabelings = append(relabelings, generateRunningFilter()) } - var labelKeys []string // Filter targets by pods selected by the monitor. // Exact label matches. - for k := range m.Spec.Selector.MatchLabels { - labelKeys = append(labelKeys, k) - } - sort.Strings(labelKeys) - - for _, k := range labelKeys { + for _, k := range util.SortedKeys(m.Spec.Selector.MatchLabels) { relabelings = append(relabelings, yaml.MapSlice{ {Key: "action", Value: "keep"}, {Key: "source_labels", Value: []string{"__meta_kubernetes_pod_label_" + sanitizeLabelName(k), "__meta_kubernetes_pod_labelpresent_" + sanitizeLabelName(k)}}, @@ -981,7 +1359,7 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( {Key: "regex", Value: ep.Port}, }) } else if ep.TargetPort != nil { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - level.Warn(cg.logger).Log("msg", "'targetPort' is deprecated, use 'port' instead.") + cg.logger.Warn("'targetPort' is deprecated, use 'port' instead.") //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if ep.TargetPort.StrVal != "" { relabelings = append(relabelings, yaml.MapSlice{ @@ -1062,7 +1440,11 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( labeler := namespacelabeler.New(cpf.EnforcedNamespaceLabel, cpf.ExcludedFromEnforcement, false) relabelings = append(relabelings, generateRelabelConfig(labeler.GetRelabelingConfigs(m.TypeMeta, m.ObjectMeta, ep.RelabelConfigs))...) - relabelings = generateAddressShardingRelabelingRules(relabelings, shards) + // DaemonSet mode doesn't support sharding. + if !cg.daemonSet { + relabelings = generateAddressShardingRelabelingRules(relabelings, shards) + } + cfg = append(cfg, yaml.MapItem{Key: "relabel_configs", Value: relabelings}) cfg = cg.AddLimitsToYAML(cfg, sampleLimitKey, m.Spec.SampleLimit, cpf.EnforcedSampleLimit) @@ -1071,6 +1453,7 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( cfg = cg.AddLimitsToYAML(cfg, labelNameLengthLimitKey, m.Spec.LabelNameLengthLimit, cpf.EnforcedLabelNameLengthLimit) cfg = cg.AddLimitsToYAML(cfg, labelValueLengthLimitKey, m.Spec.LabelValueLengthLimit, cpf.EnforcedLabelValueLengthLimit) cfg = cg.AddLimitsToYAML(cfg, keepDroppedTargetsKey, m.Spec.KeepDroppedTargets, cpf.EnforcedKeepDroppedTargets) + cfg = cg.addNativeHistogramConfig(cfg, m.Spec.NativeHistogramConfig) cfg = cg.AddScrapeProtocols(cfg, m.Spec.ScrapeProtocols) if bodySizeLimit := getLowerByteSize(m.Spec.BodySizeLimit, &cpf); !isByteSizeEmpty(bodySizeLimit) { @@ -1138,6 +1521,7 @@ func (cg *ConfigGenerator) generateProbeConfig( cfg = cg.AddLimitsToYAML(cfg, labelNameLengthLimitKey, m.Spec.LabelNameLengthLimit, cpf.EnforcedLabelNameLengthLimit) cfg = cg.AddLimitsToYAML(cfg, labelValueLengthLimitKey, m.Spec.LabelValueLengthLimit, cpf.EnforcedLabelValueLengthLimit) cfg = cg.AddLimitsToYAML(cfg, keepDroppedTargetsKey, m.Spec.KeepDroppedTargets, cpf.EnforcedKeepDroppedTargets) + cfg = cg.addNativeHistogramConfig(cfg, m.Spec.NativeHistogramConfig) cfg = cg.AddScrapeProtocols(cfg, m.Spec.ScrapeProtocols) if cpf.EnforcedBodySizeLimit != "" { @@ -1210,16 +1594,9 @@ func (cg *ConfigGenerator) generateProbeConfig( case m.Spec.Targets.Ingress != nil: // Generate kubernetes_sd_config section for the ingress resources. - // Filter targets by ingresses selected by the monitor. // Exact label matches. - labelKeys := make([]string, 0, len(m.Spec.Targets.Ingress.Selector.MatchLabels)) - for k := range m.Spec.Targets.Ingress.Selector.MatchLabels { - labelKeys = append(labelKeys, k) - } - sort.Strings(labelKeys) - - for _, k := range labelKeys { + for _, k := range util.SortedKeys(m.Spec.Targets.Ingress.Selector.MatchLabels) { relabelings = append(relabelings, yaml.MapSlice{ {Key: "action", Value: "keep"}, {Key: "source_labels", Value: []string{"__meta_kubernetes_ingress_label_" + sanitizeLabelName(k), "__meta_kubernetes_ingress_labelpresent_" + sanitizeLabelName(k)}}, @@ -1310,12 +1687,12 @@ func (cg *ConfigGenerator) generateProbeConfig( relabelings = generateAddressShardingRelabelingRulesForProbes(relabelings, shards) cfg = append(cfg, yaml.MapItem{Key: "relabel_configs", Value: relabelings}) - cfg = addTLStoYaml(cfg, m.Namespace, mergeSafeTLSConfigWithScrapeClass(m.Spec.TLSConfig, scrapeClass)) + cfg = cg.addTLStoYaml(cfg, s, mergeSafeTLSConfigWithScrapeClass(m.Spec.TLSConfig, scrapeClass)) if m.Spec.BearerTokenSecret.Name != "" { b, err := s.GetSecretKey(m.Spec.BearerTokenSecret) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid bearer token secret ref: %s", err)) + cg.logger.Error("invalid bearer token reference", "err", err) } else { cfg = append(cfg, yaml.MapItem{Key: "bearer_token", Value: string(b)}) } @@ -1357,20 +1734,11 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( cfg = cg.AddHonorTimestamps(cfg, ep.HonorTimestamps) cfg = cg.AddTrackTimestampsStaleness(cfg, ep.TrackTimestampsStaleness) - role := kubernetesSDRoleEndpoint - if cg.EndpointSliceSupported() { - role = kubernetesSDRoleEndpointSlice - } - - var attachMetaConfig *attachMetadataConfig - if m.Spec.AttachMetadata != nil { - attachMetaConfig = &attachMetadataConfig{ - MinimumVersion: "2.37.0", - AttachMetadata: m.Spec.AttachMetadata, - } - } + attachMetaConfig := mergeAttachMetadataWithScrapeClass(m.Spec.AttachMetadata, scrapeClass, "2.37.0") s := store.ForNamespace(m.Namespace) + + role := cg.endpointRoleFlavor() cfg = append(cfg, cg.generateK8SSDConfig(m.Spec.NamespaceSelector, m.Namespace, apiserverConfig, s, role, attachMetaConfig)) if ep.Interval != "" { @@ -1400,20 +1768,20 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( cfg = cg.addOAuth2ToYaml(cfg, s, ep.OAuth2) - cfg = addTLStoYaml(cfg, m.Namespace, mergeTLSConfigWithScrapeClass(ep.TLSConfig, scrapeClass)) + cfg = cg.addTLStoYaml(cfg, s, mergeTLSConfigWithScrapeClass(ep.TLSConfig, scrapeClass)) if ep.BearerTokenFile != "" { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - level.Debug(cg.logger).Log("msg", "'bearerTokenFile' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenFile' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: ep.BearerTokenFile}) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. } if ep.BearerTokenSecret != nil && ep.BearerTokenSecret.Name != "" { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - level.Debug(cg.logger).Log("msg", "'bearerTokenSecret' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenSecret' is deprecated, use 'authorization' instead.") //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. b, err := s.GetSecretKey(*ep.BearerTokenSecret) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid bearer token secret ref: %s", err)) + cg.logger.Error("invalid bearer token reference", "err", err) } else { cfg = append(cfg, yaml.MapItem{Key: "bearer_token", Value: string(b)}) } @@ -1426,15 +1794,8 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( relabelings := initRelabelings() // Filter targets by services selected by the monitor. - // Exact label matches. - var labelKeys []string - for k := range m.Spec.Selector.MatchLabels { - labelKeys = append(labelKeys, k) - } - sort.Strings(labelKeys) - - for _, k := range labelKeys { + for _, k := range util.SortedKeys(m.Spec.Selector.MatchLabels) { relabelings = append(relabelings, yaml.MapSlice{ {Key: "action", Value: "keep"}, {Key: "source_labels", Value: []string{"__meta_kubernetes_service_label_" + sanitizeLabelName(k), "__meta_kubernetes_service_labelpresent_" + sanitizeLabelName(k)}}, @@ -1475,7 +1836,7 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( // Filter targets based on correct port for the endpoint. if ep.Port != "" { sourceLabels := []string{"__meta_kubernetes_endpoint_port_name"} - if cg.EndpointSliceSupported() { + if role == kubernetesSDRoleEndpointSlice { sourceLabels = []string{"__meta_kubernetes_endpointslice_port_name"} } relabelings = append(relabelings, yaml.MapSlice{ @@ -1500,7 +1861,7 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( } sourceLabels := []string{"__meta_kubernetes_endpoint_address_target_kind", "__meta_kubernetes_endpoint_address_target_name"} - if cg.EndpointSliceSupported() { + if role == kubernetesSDRoleEndpointSlice { sourceLabels = []string{"__meta_kubernetes_endpointslice_address_target_kind", "__meta_kubernetes_endpointslice_address_target_name"} } @@ -1609,6 +1970,7 @@ func (cg *ConfigGenerator) generateServiceMonitorConfig( cfg = cg.AddLimitsToYAML(cfg, labelNameLengthLimitKey, m.Spec.LabelNameLengthLimit, cpf.EnforcedLabelNameLengthLimit) cfg = cg.AddLimitsToYAML(cfg, labelValueLengthLimitKey, m.Spec.LabelValueLengthLimit, cpf.EnforcedLabelValueLengthLimit) cfg = cg.AddLimitsToYAML(cfg, keepDroppedTargetsKey, m.Spec.KeepDroppedTargets, cpf.EnforcedKeepDroppedTargets) + cfg = cg.addNativeHistogramConfig(cfg, m.Spec.NativeHistogramConfig) cfg = cg.AddScrapeProtocols(cfg, m.Spec.ScrapeProtocols) if bodySizeLimit := getLowerByteSize(m.Spec.BodySizeLimit, &cpf); !isByteSizeEmpty(bodySizeLimit) { @@ -1662,7 +2024,7 @@ func (cg *ConfigGenerator) generateAddressShardingRelabelingRulesIfMissing(relab for i, relabeling := range relabelings { for _, relabelItem := range relabeling { if relabelItem.Key == "action" && relabelItem.Value == "hashmod" { - level.Debug(cg.logger).Log("msg", "found existing hashmod relabeling rule, skipping", "idx", i) + cg.logger.Debug("found existing hashmod relabeling rule, skipping", "idx", i) return relabelings } } @@ -1741,7 +2103,11 @@ func (cg *ConfigGenerator) getNamespacesFromNamespaceSelector(nsel monitoringv1. type attachMetadataConfig struct { MinimumVersion string - AttachMetadata *monitoringv1.AttachMetadata + attachMetadata *monitoringv1.AttachMetadata +} + +func (a *attachMetadataConfig) node() bool { + return ptr.Deref(a.attachMetadata.Node, false) } // generateK8SSDConfig generates a kubernetes_sd_configs entry. @@ -1782,24 +2148,43 @@ func (cg *ConfigGenerator) generateK8SSDConfig( //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if apiserverConfig.BearerToken != "" { - level.Warn(cg.logger).Log("msg", "'bearerToken' is deprecated, use 'authorization' instead.") + cg.logger.Warn("'bearerToken' is deprecated, use 'authorization' instead.") k8sSDConfig = append(k8sSDConfig, yaml.MapItem{Key: "bearer_token", Value: apiserverConfig.BearerToken}) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if apiserverConfig.BearerTokenFile != "" { - level.Debug(cg.logger).Log("msg", "'bearerTokenFile' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenFile' is deprecated, use 'authorization' instead.") k8sSDConfig = append(k8sSDConfig, yaml.MapItem{Key: "bearer_token_file", Value: apiserverConfig.BearerTokenFile}) } k8sSDConfig = cg.addAuthorizationToYaml(k8sSDConfig, store, apiserverConfig.Authorization) - k8sSDConfig = addTLStoYaml(k8sSDConfig, namespace, apiserverConfig.TLSConfig) + k8sSDConfig = cg.addTLStoYaml(k8sSDConfig, store, apiserverConfig.TLSConfig) } if attachMetadataConfig != nil { - k8sSDConfig = cg.WithMinimumVersion(attachMetadataConfig.MinimumVersion).AppendMapItem(k8sSDConfig, "attach_metadata", yaml.MapSlice{ - {Key: "node", Value: attachMetadataConfig.AttachMetadata.Node}, + k8sSDConfig = cg.WithMinimumVersion(attachMetadataConfig.MinimumVersion).AppendMapItem( + k8sSDConfig, + "attach_metadata", + yaml.MapSlice{ + {Key: "node", Value: attachMetadataConfig.node()}, + }) + } + + // Specific configuration generated for DaemonSet mode. + if cg.daemonSet { + k8sSDConfig = cg.AppendMapItem(k8sSDConfig, "selectors", []yaml.MapSlice{ + { + { + Key: "role", + Value: "pod", + }, + { + Key: "field", + Value: "spec.nodeName=$(NODE_NAME)", + }, + }, }) } @@ -1811,7 +2196,7 @@ func (cg *ConfigGenerator) generateK8SSDConfig( } } -func (cg *ConfigGenerator) generateAlertmanagerConfig(alerting *monitoringv1.AlertingSpec, apiserverConfig *monitoringv1.APIServerConfig, store *assets.StoreBuilder) []yaml.MapSlice { +func (cg *ConfigGenerator) generateAlertmanagerConfig(alerting *monitoringv1.AlertingSpec, apiserverConfig *monitoringv1.APIServerConfig, store assets.StoreGetter) []yaml.MapSlice { if alerting == nil || len(alerting.Alertmanagers) == 0 { return nil } @@ -1840,21 +2225,22 @@ func (cg *ConfigGenerator) generateAlertmanagerConfig(alerting *monitoringv1.Ale cfg = cg.WithMinimumVersion("2.35.0").AppendMapItem(cfg, "enable_http2", *am.EnableHttp2) } - cfg = addTLStoYaml(cfg, cg.prom.GetObjectMeta().GetNamespace(), am.TLSConfig) + cfg = cg.addTLStoYaml(cfg, store, am.TLSConfig) - cfg = append(cfg, cg.generateK8SSDConfig(monitoringv1.NamespaceSelector{}, am.Namespace, apiserverConfig, s, kubernetesSDRoleEndpoint, nil)) + ns := ptr.Deref(am.Namespace, cg.prom.GetObjectMeta().GetNamespace()) + cfg = append(cfg, cg.generateK8SSDConfig(monitoringv1.NamespaceSelector{}, ns, apiserverConfig, store, cg.endpointRoleFlavor(), nil)) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if am.BearerTokenFile != "" { - level.Debug(cg.logger).Log("msg", "'bearerTokenFile' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenFile' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: am.BearerTokenFile}) } - cfg = cg.WithMinimumVersion("2.26.0").addBasicAuthToYaml(cfg, s, am.BasicAuth) + cfg = cg.WithMinimumVersion("2.26.0").addBasicAuthToYaml(cfg, store, am.BasicAuth) - cfg = cg.addSafeAuthorizationToYaml(cfg, s, am.Authorization) + cfg = cg.addSafeAuthorizationToYaml(cfg, store, am.Authorization) - cfg = cg.WithMinimumVersion("2.48.0").addSigv4ToYaml(cfg, fmt.Sprintf("alertmanager/auth/%d", i), s, am.Sigv4) + cfg = cg.WithMinimumVersion("2.48.0").addSigv4ToYaml(cfg, fmt.Sprintf("alertmanager/auth/%d", i), store, am.Sigv4) if am.APIVersion == "v1" || am.APIVersion == "v2" { cfg = cg.WithMinimumVersion("2.11.0").AppendMapItem(cfg, "api_version", am.APIVersion) @@ -1869,9 +2255,13 @@ func (cg *ConfigGenerator) generateAlertmanagerConfig(alerting *monitoringv1.Ale }) if am.Port.StrVal != "" { + sourceLabels := []string{"__meta_kubernetes_endpoint_port_name"} + if cg.endpointRoleFlavor() == kubernetesSDRoleEndpointSlice { + sourceLabels = []string{"__meta_kubernetes_endpointslice_port_name"} + } relabelings = append(relabelings, yaml.MapSlice{ {Key: "action", Value: "keep"}, - {Key: "source_labels", Value: []string{"__meta_kubernetes_endpoint_port_name"}}, + {Key: "source_labels", Value: sourceLabels}, {Key: "regex", Value: am.Port.String()}, }) } else if am.Port.IntVal != 0 { @@ -1907,7 +2297,9 @@ func (cg *ConfigGenerator) generateAdditionalScrapeConfigs( if err != nil { return nil, fmt.Errorf("unmarshalling additional scrape configs failed: %w", err) } - if shards == 1 { + + // DaemonSet mode doesn't support sharding. + if cg.daemonSet || shards == 1 { return additionalScrapeConfigsYaml, nil } @@ -1934,7 +2326,11 @@ func (cg *ConfigGenerator) generateAdditionalScrapeConfigs( relabelings = append(relabelings, relabeling) } } - relabelings = cg.generateAddressShardingRelabelingRulesIfMissing(relabelings, shards) + // DaemonSet mode doesn't support sharding. + if !cg.daemonSet { + relabelings = cg.generateAddressShardingRelabelingRulesIfMissing(relabelings, shards) + } + addlScrapeConfig = append(addlScrapeConfig, otherConfigItems...) addlScrapeConfig = append(addlScrapeConfig, yaml.MapItem{Key: "relabel_configs", Value: relabelings}) addlScrapeConfigs = append(addlScrapeConfigs, addlScrapeConfig) @@ -1942,23 +2338,18 @@ func (cg *ConfigGenerator) generateAdditionalScrapeConfigs( return addlScrapeConfigs, nil } -func (cg *ConfigGenerator) generateRemoteReadConfig( - remoteRead []monitoringv1.RemoteReadSpec, - store *assets.StoreBuilder, -) yaml.MapItem { +func (cg *ConfigGenerator) generateRemoteReadConfig(remoteRead []monitoringv1.RemoteReadSpec, s assets.StoreGetter) yaml.MapItem { cfgs := []yaml.MapSlice{} objMeta := cg.prom.GetObjectMeta() s := store.ForNamespace(objMeta.GetNamespace()) for _, spec := range remoteRead { - // defaults - if spec.RemoteTimeout == "" { - spec.RemoteTimeout = "30s" - } - cfg := yaml.MapSlice{ {Key: "url", Value: spec.URL}, - {Key: "remote_timeout", Value: spec.RemoteTimeout}, + } + + if spec.RemoteTimeout != nil { + cfg = append(cfg, yaml.MapItem{Key: "remote_timeout", Value: *spec.RemoteTimeout}) } if len(spec.Headers) > 0 { @@ -1981,19 +2372,19 @@ func (cg *ConfigGenerator) generateRemoteReadConfig( //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if spec.BearerToken != "" { - level.Warn(cg.logger).Log("msg", "'bearerToken' is deprecated, use 'authorization' instead.") + cg.logger.Warn("'bearerToken' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token", Value: spec.BearerToken}) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if spec.BearerTokenFile != "" { - level.Debug(cg.logger).Log("msg", "'bearerTokenFile' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenFile' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: spec.BearerTokenFile}) } cfg = cg.addOAuth2ToYaml(cfg, s, spec.OAuth2) - cfg = addTLStoYaml(cfg, objMeta.GetNamespace(), spec.TLSConfig) + cfg = cg.addTLStoYaml(cfg, s, spec.TLSConfig) cfg = cg.addAuthorizationToYaml(cfg, s, spec.Authorization) @@ -2027,13 +2418,13 @@ func (cg *ConfigGenerator) addOAuth2ToYaml( clientID, err := store.GetSecretOrConfigMapKey(oauth2.ClientID) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid clientID ref: %s", err)) + cg.logger.Error("invalid OAuth2 client ID reference", "err", err) return cfg } clientSecret, err := store.GetSecretKey(oauth2.ClientSecret) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid clientSecret ref: %s", err)) + cg.logger.Error("invalid OAuth2 client secret reference", "err", err) return cfg } @@ -2052,32 +2443,51 @@ func (cg *ConfigGenerator) addOAuth2ToYaml( oauth2Cfg = append(oauth2Cfg, yaml.MapItem{Key: "endpoint_params", Value: oauth2.EndpointParams}) } + oauth2Cfg = cg.WithMinimumVersion("2.43.0").addProxyConfigtoYaml(oauth2Cfg, store, oauth2.ProxyConfig) + oauth2Cfg = cg.WithMinimumVersion("2.43.0").addSafeTLStoYaml(oauth2Cfg, store, oauth2.TLSConfig) + return cg.WithMinimumVersion("2.27.0").AppendMapItem(cfg, "oauth2", oauth2Cfg) } -func (cg *ConfigGenerator) generateRemoteWriteConfig( - store *assets.StoreBuilder, -) yaml.MapItem { - cfgs := []yaml.MapSlice{} - cpf := cg.prom.GetCommonPrometheusFields() - objMeta := cg.prom.GetObjectMeta() +func toProtobufMessageVersion(mv monitoringv1.RemoteWriteMessageVersion) string { + switch mv { + case monitoringv1.RemoteWriteMessageVersion1_0: + return "prometheus.WriteRequest" + case monitoringv1.RemoteWriteMessageVersion2_0: + return "io.prometheus.write.v2.Request" + } - for i, spec := range cpf.RemoteWrite { - // defaults - if spec.RemoteTimeout == "" { - spec.RemoteTimeout = "30s" - } + // The API should allow only the values listed in the switch/case + // statement but in case something goes wrong, let's return remote + // write v1. + return "prometheus.WriteRequest" +} + +func (cg *ConfigGenerator) generateRemoteWriteConfig(s assets.StoreGetter) yaml.MapItem { + var ( + cfgs = []yaml.MapSlice{} + cpf = cg.prom.GetCommonPrometheusFields() + ) + for i, spec := range cpf.RemoteWrite { cfg := yaml.MapSlice{ {Key: "url", Value: spec.URL}, - {Key: "remote_timeout", Value: spec.RemoteTimeout}, } + + if spec.RemoteTimeout != nil { + cfg = append(cfg, yaml.MapItem{Key: "remote_timeout", Value: *spec.RemoteTimeout}) + } + if len(spec.Headers) > 0 { cfg = cg.WithMinimumVersion("2.15.0").AppendMapItem(cfg, "headers", stringMapToMapSlice(spec.Headers)) } - if spec.Name != "" { - cfg = cg.WithMinimumVersion("2.15.0").AppendMapItem(cfg, "name", spec.Name) + if ptr.Deref(spec.Name, "") != "" { + cfg = cg.WithMinimumVersion("2.15.0").AppendMapItem(cfg, "name", *spec.Name) + } + + if spec.MessageVersion != nil { + cfg = cg.WithMinimumVersion("2.54.0").AppendMapItem(cfg, "protobuf_message", toProtobufMessageVersion(*spec.MessageVersion)) } if spec.SendExemplars != nil { @@ -2127,24 +2537,23 @@ func (cg *ConfigGenerator) generateRemoteWriteConfig( } - s := store.ForNamespace(objMeta.GetNamespace()) cfg = cg.addBasicAuthToYaml(cfg, s, spec.BasicAuth) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if spec.BearerToken != "" { - level.Warn(cg.logger).Log("msg", "'bearerToken' is deprecated, use 'authorization' instead.") + cg.logger.Warn("'bearerToken' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token", Value: spec.BearerToken}) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if spec.BearerTokenFile != "" { - level.Debug(cg.logger).Log("msg", "'bearerTokenFile' is deprecated, use 'authorization' instead.") + cg.logger.Debug("'bearerTokenFile' is deprecated, use 'authorization' instead.") cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: spec.BearerTokenFile}) } cfg = cg.addOAuth2ToYaml(cfg, s, spec.OAuth2) - cfg = addTLStoYaml(cfg, objMeta.GetNamespace(), spec.TLSConfig) + cfg = cg.addTLStoYaml(cfg, s, spec.TLSConfig) cfg = cg.addAuthorizationToYaml(cfg, s, spec.Authorization) @@ -2166,7 +2575,7 @@ func (cg *ConfigGenerator) generateRemoteWriteConfig( if spec.AzureAD.OAuth != nil { b, err := s.GetSecretKey(spec.AzureAD.OAuth.ClientSecret) if err != nil { - level.Error(cg.logger).Log("err", fmt.Sprintf("invalid Azure OAuth clientSecret ref: %s", err)) + cg.logger.Error("invalid Azure OAuth client secret", "err", err) } else { azureAd = cg.WithMinimumVersion("2.48.0").AppendMapItem(azureAd, "oauth", yaml.MapSlice{ {Key: "client_id", Value: spec.AzureAD.OAuth.ClientID}, @@ -2284,6 +2693,19 @@ func (cg *ConfigGenerator) appendScrapeProtocols(slice yaml.MapSlice) yaml.MapSl return cg.WithMinimumVersion("2.49.0").AppendMapItem(slice, "scrape_protocols", cpf.ScrapeProtocols) } +func (cg *ConfigGenerator) appendRuntime(slice yaml.MapSlice, runtime *monitoringv1.RuntimeConfig) yaml.MapSlice { + if runtime == nil || !cg.WithMinimumVersion("2.53.0").IsCompatible() { + return slice + } + + var runtimeSlice yaml.MapSlice + if runtime.GoGC != nil { + runtimeSlice = cg.AppendMapItem(runtimeSlice, "gogc", *runtime.GoGC) + } + + return cg.AppendMapItem(slice, "runtime", runtimeSlice) +} + func (cg *ConfigGenerator) appendEvaluationInterval(slice yaml.MapSlice, evaluationInterval monitoringv1.Duration) yaml.MapSlice { return append(slice, yaml.MapItem{Key: "evaluation_interval", Value: evaluationInterval}) } @@ -2291,7 +2713,7 @@ func (cg *ConfigGenerator) appendEvaluationInterval(slice yaml.MapSlice, evaluat func (cg *ConfigGenerator) appendGlobalLimits(slice yaml.MapSlice, limitKey string, limit *uint64, enforcedLimit *uint64) yaml.MapSlice { if ptr.Deref(limit, 0) > 0 { if ptr.Deref(enforcedLimit, 0) > 0 && *limit > *enforcedLimit { - level.Warn(cg.logger).Log("msg", fmt.Sprintf("%q is greater than the enforced limit, using enforced limit", limitKey), "limit", *limit, "enforced_limit", *enforcedLimit) + cg.logger.Warn(fmt.Sprintf("%q is greater than the enforced limit, using enforced limit", limitKey), "limit", *limit, "enforced_limit", *enforcedLimit) return cg.AppendMapItem(slice, limitKey, *enforcedLimit) } return cg.AppendMapItem(slice, limitKey, *limit) @@ -2320,7 +2742,6 @@ func (cg *ConfigGenerator) appendScrapeLimits(slice yaml.MapSlice) yaml.MapSlice slice = cg.WithMinimumVersion("2.45.0").appendGlobalLimits(slice, "label_name_length_limit", cpf.LabelNameLengthLimit, cpf.EnforcedLabelNameLengthLimit) slice = cg.WithMinimumVersion("2.45.0").appendGlobalLimits(slice, "label_value_length_limit", cpf.LabelValueLengthLimit, cpf.EnforcedLabelValueLengthLimit) slice = cg.WithMinimumVersion("2.47.0").appendGlobalLimits(slice, "keep_dropped_targets", cpf.KeepDroppedTargets, cpf.EnforcedKeepDroppedTargets) - return slice } @@ -2333,6 +2754,13 @@ func (cg *ConfigGenerator) appendExternalLabels(slice yaml.MapSlice) yaml.MapSli return slice } +func (cg *ConfigGenerator) appendRuleQueryOffset(slice yaml.MapSlice, ruleQueryOffset *monitoringv1.Duration) yaml.MapSlice { + if ruleQueryOffset == nil { + return slice + } + return cg.WithMinimumVersion("2.53.0").AppendMapItem(slice, "rule_query_offset", ruleQueryOffset) +} + func (cg *ConfigGenerator) appendQueryLogFile(slice yaml.MapSlice, queryLogFile string) yaml.MapSlice { if queryLogFile != "" { slice = cg.WithMinimumVersion("2.16.0").AppendMapItem(slice, "query_log_file", queryLogFilePath(queryLogFile)) @@ -2362,17 +2790,8 @@ func (cg *ConfigGenerator) appendServiceMonitorConfigs( apiserverConfig *monitoringv1.APIServerConfig, store *assets.StoreBuilder, shards int32) []yaml.MapSlice { - sMonIdentifiers := make([]string, len(serviceMonitors)) - i := 0 - for k := range serviceMonitors { - sMonIdentifiers[i] = k - i++ - } - // Sorting ensures, that we always generate the config in the same order. - sort.Strings(sMonIdentifiers) - - for _, identifier := range sMonIdentifiers { + for _, identifier := range util.SortedKeys(serviceMonitors) { for i, ep := range serviceMonitors[identifier].Spec.Endpoints { slices = append(slices, cg.WithKeyVals("service_monitor", identifier).generateServiceMonitorConfig( @@ -2395,17 +2814,8 @@ func (cg *ConfigGenerator) appendPodMonitorConfigs( apiserverConfig *monitoringv1.APIServerConfig, store *assets.StoreBuilder, shards int32) []yaml.MapSlice { - pMonIdentifiers := make([]string, len(podMonitors)) - i := 0 - for k := range podMonitors { - pMonIdentifiers[i] = k - i++ - } - - // Sorting ensures, that we always generate the config in the same order. - sort.Strings(pMonIdentifiers) - for _, identifier := range pMonIdentifiers { + for _, identifier := range util.SortedKeys(podMonitors) { for i, ep := range podMonitors[identifier].Spec.PodMetricsEndpoints { slices = append(slices, cg.WithKeyVals("pod_monitor", identifier).generatePodMonitorConfig( @@ -2427,17 +2837,8 @@ func (cg *ConfigGenerator) appendProbeConfigs( apiserverConfig *monitoringv1.APIServerConfig, store *assets.StoreBuilder, shards int32) []yaml.MapSlice { - probeIdentifiers := make([]string, len(probes)) - i := 0 - for k := range probes { - probeIdentifiers[i] = k - i++ - } - - // Sorting ensures, that we always generate the config in the same order. - sort.Strings(probeIdentifiers) - for _, identifier := range probeIdentifiers { + for _, identifier := range util.SortedKeys(probes) { slices = append(slices, cg.WithKeyVals("probe", identifier).generateProbeConfig( probes[identifier], @@ -2494,35 +2895,55 @@ func (cg *ConfigGenerator) GenerateAgentConfiguration( shards = shardsNumber(cg.prom) ) - scrapeConfigs = cg.appendServiceMonitorConfigs(scrapeConfigs, sMons, apiserverConfig, store, shards) scrapeConfigs = cg.appendPodMonitorConfigs(scrapeConfigs, pMons, apiserverConfig, store, shards) - scrapeConfigs = cg.appendProbeConfigs(scrapeConfigs, probes, apiserverConfig, store, shards) - scrapeConfigs, err := cg.appendScrapeConfigs(scrapeConfigs, sCons, store, shards) + scrapeConfigs, err := cg.appendAdditionalScrapeConfigs(scrapeConfigs, additionalScrapeConfigs, shards) if err != nil { - return nil, fmt.Errorf("generate scrape configs: %w", err) + return nil, fmt.Errorf("generate additional scrape configs: %w", err) } - scrapeConfigs, err = cg.appendAdditionalScrapeConfigs(scrapeConfigs, additionalScrapeConfigs, shards) - if err != nil { - return nil, fmt.Errorf("generate additional scrape configs: %w", err) + // Currently, DaemonSet mode doesn't support these. + if !cg.daemonSet { + scrapeConfigs = cg.appendServiceMonitorConfigs(scrapeConfigs, sMons, apiserverConfig, store, shards) + scrapeConfigs = cg.appendProbeConfigs(scrapeConfigs, probes, apiserverConfig, store, shards) + scrapeConfigs, err = cg.appendScrapeConfigs(scrapeConfigs, sCons, store, shards) + if err != nil { + return nil, fmt.Errorf("generate scrape configs: %w", err) + } } + cfg = append(cfg, yaml.MapItem{ Key: "scrape_configs", Value: scrapeConfigs, }) + // TSDB + tsdb := cpf.TSDB + if tsdb != nil && tsdb.OutOfOrderTimeWindow != nil { + var storage yaml.MapSlice + storage = cg.AppendMapItem(storage, "tsdb", yaml.MapSlice{ + { + Key: "out_of_order_time_window", + Value: *tsdb.OutOfOrderTimeWindow, + }, + }) + cfg = cg.WithMinimumVersion("2.54.0").AppendMapItem(cfg, "storage", storage) + } + // Remote write config + s := store.ForNamespace(cg.prom.GetObjectMeta().GetNamespace()) if len(cpf.RemoteWrite) > 0 { - cfg = append(cfg, cg.generateRemoteWriteConfig(store)) + cfg = append(cfg, cg.generateRemoteWriteConfig(s)) } - if cpf.TracingConfig != nil { - tracingcfg, err := cg.generateTracingConfig() - if err != nil { - return nil, fmt.Errorf("generating tracing configuration failed: %w", err) - } + // OTLP config + cfg, err = cg.appendOTLPConfig(cfg) + if err != nil { + return nil, fmt.Errorf("failed to generate OTLP configuration: %w", err) + } - cfg = append(cfg, tracingcfg) + cfg, err = cg.appendTracingConfig(cfg, s) + if err != nil { + return nil, fmt.Errorf("failed to generate tracing configuration: %w", err) } return yaml.Marshal(cfg) @@ -2533,17 +2954,8 @@ func (cg *ConfigGenerator) appendScrapeConfigs( scrapeConfigs map[string]*monitoringv1alpha1.ScrapeConfig, store *assets.StoreBuilder, shards int32) ([]yaml.MapSlice, error) { - scrapeConfigIdentifiers := make([]string, len(scrapeConfigs)) - i := 0 - for k := range scrapeConfigs { - scrapeConfigIdentifiers[i] = k - i++ - } - - // Sorting ensures, that we always generate the config in the same order. - sort.Strings(scrapeConfigIdentifiers) - for _, identifier := range scrapeConfigIdentifiers { + for _, identifier := range util.SortedKeys(scrapeConfigs) { cfgGenerator := cg.WithKeyVals("scrapeconfig", identifier) scrapeConfig, err := cfgGenerator.generateScrapeConfig(scrapeConfigs[identifier], store.ForNamespace(scrapeConfigs[identifier].GetNamespace()), shards) @@ -2633,7 +3045,9 @@ func (cg *ConfigGenerator) generateScrapeConfig( cfg = cg.addSafeAuthorizationToYaml(cfg, s, sc.Spec.Authorization) - cfg = addTLStoYaml(cfg, sc.Namespace, mergeSafeTLSConfigWithScrapeClass(sc.Spec.TLSConfig, scrapeClass)) + cfg = cg.addOAuth2ToYaml(cfg, s, sc.Spec.OAuth2) + + cfg = cg.addTLStoYaml(cfg, s, mergeSafeTLSConfigWithScrapeClass(sc.Spec.TLSConfig, scrapeClass)) cfg = cg.AddLimitsToYAML(cfg, sampleLimitKey, sc.Spec.SampleLimit, cpf.EnforcedSampleLimit) cfg = cg.AddLimitsToYAML(cfg, targetLimitKey, sc.Spec.TargetLimit, cpf.EnforcedTargetLimit) @@ -2641,6 +3055,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( cfg = cg.AddLimitsToYAML(cfg, labelNameLengthLimitKey, sc.Spec.LabelNameLengthLimit, cpf.EnforcedLabelNameLengthLimit) cfg = cg.AddLimitsToYAML(cfg, labelValueLengthLimitKey, sc.Spec.LabelValueLengthLimit, cpf.EnforcedLabelValueLengthLimit) cfg = cg.AddLimitsToYAML(cfg, keepDroppedTargetsKey, sc.Spec.KeepDroppedTargets, cpf.EnforcedKeepDroppedTargets) + cfg = cg.addNativeHistogramConfig(cfg, sc.Spec.NativeHistogramConfig) if cpf.EnforcedBodySizeLimit != "" { cfg = cg.WithMinimumVersion("2.28.0").AppendMapItem(cfg, "body_size_limit", cpf.EnforcedBodySizeLimit) @@ -2695,12 +3110,16 @@ func (cg *ConfigGenerator) generateScrapeConfig( if len(sc.Spec.HTTPSDConfigs) > 0 { configs := make([][]yaml.MapItem, len(sc.Spec.HTTPSDConfigs)) for i, config := range sc.Spec.HTTPSDConfigs { - configs[i] = []yaml.MapItem{ - { - Key: "url", - Value: config.URL, - }, - } + configs[i] = cg.addBasicAuthToYaml(configs[i], s, config.BasicAuth) + configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, config.Authorization) + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) + configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) + configs[i] = cg.addOAuth2ToYaml(configs[i], s, config.OAuth2) + + configs[i] = append(configs[i], yaml.MapItem{ + Key: "url", + Value: config.URL, + }) if config.RefreshInterval != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -2709,15 +3128,19 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - configs[i] = cg.addBasicAuthToYaml(configs[i], s, config.BasicAuth) - - configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, config.Authorization) + if config.FollowRedirects != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "follow_redirects", + Value: config.FollowRedirects, + }) + } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.Namespace, *config.TLSConfig) + if config.EnableHTTP2 != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "enable_http2", + Value: config.EnableHTTP2, + }) } - - configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) } cfg = append(cfg, yaml.MapItem{ Key: "http_sd_configs", @@ -2737,10 +3160,13 @@ func (cg *ConfigGenerator) generateScrapeConfig( }, } } - configs[i] = append(configs[i], yaml.MapItem{ - Key: "role", - Value: strings.ToLower(string(config.Role)), - }) + + switch config.Role { + case monitoringv1alpha1.KubernetesRoleEndpointSlice: + configs[i] = cg.WithMinimumVersion("2.21.0").AppendMapItem(configs[i], "role", strings.ToLower(string(config.Role))) + default: + configs[i] = cg.AppendMapItem(configs[i], "role", strings.ToLower(string(config.Role))) + } configs[i] = cg.addBasicAuthToYaml(configs[i], s, config.BasicAuth) configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, config.Authorization) @@ -2761,9 +3187,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.Namespaces != nil { namespaces := []yaml.MapItem{ @@ -2786,29 +3210,21 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - selectors := make([][]yaml.MapItem, len(config.Selectors)) - for i, s := range config.Selectors { - selectors[i] = []yaml.MapItem{ - { - Key: "role", - Value: strings.ToLower(string(s.Role)), - }, - { - Key: "label", - Value: s.Label, - }, - { - Key: "field", - Value: s.Field, - }, + if len(config.Selectors) > 0 { + selectors := make([][]yaml.MapItem, len(config.Selectors)) + for i, s := range config.Selectors { + selectors[i] = cg.AppendMapItem(selectors[i], "role", strings.ToLower(string(s.Role))) + + if s.Label != nil { + selectors[i] = cg.AppendMapItem(selectors[i], "label", *s.Label) + } + + if s.Field != nil { + selectors[i] = cg.AppendMapItem(selectors[i], "field", *s.Field) + } } - } - if len(selectors) > 0 { - configs[i] = append(configs[i], yaml.MapItem{ - Key: "selectors", - Value: selectors, - }) + configs[i] = cg.WithMinimumVersion("2.17.0").AppendMapItem(configs[i], "selectors", selectors) } if config.AttachMetadata != nil { @@ -2818,7 +3234,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( case "endpoints", "endpointslice": configs[i] = cg.WithMinimumVersion("2.37.0").AppendMapItem(configs[i], "attach_metadata", config.AttachMetadata) default: - level.Warn(cg.logger).Log("msg", fmt.Sprintf("ignoring attachMetadata not supported by Prometheus for role: %s", config.Role)) + cg.logger.Warn(fmt.Sprintf("ignoring attachMetadata not supported by Prometheus for role: %s", config.Role)) } } } @@ -2836,9 +3252,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, config.Authorization) configs[i] = cg.addOAuth2ToYaml(configs[i], s, config.Oauth2) - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) configs[i] = append(configs[i], yaml.MapItem{ Key: "server", @@ -2953,13 +3367,17 @@ func (cg *ConfigGenerator) generateScrapeConfig( // DNSSDConfig if len(sc.Spec.DNSSDConfigs) > 0 { configs := make([][]yaml.MapItem, len(sc.Spec.DNSSDConfigs)) + + compatibilityMatrix := map[monitoringv1alpha1.DNSRecordType]string{ + monitoringv1alpha1.DNSRecordTypeNS: "2.49.0", + monitoringv1alpha1.DNSRecordTypeMX: "2.38.0", + } + for i, config := range sc.Spec.DNSSDConfigs { - configs[i] = []yaml.MapItem{ - { - Key: "names", - Value: config.Names, - }, - } + configs[i] = append(configs[i], yaml.MapItem{ + Key: "names", + Value: config.Names, + }) if config.RefreshInterval != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -2969,14 +3387,13 @@ func (cg *ConfigGenerator) generateScrapeConfig( } if config.Type != nil { - if *config.Type == "NS" { - configs[i] = cg.WithMinimumVersion("2.49.0").AppendMapItem(configs[i], "type", config.Type) - } else { - configs[i] = append(configs[i], yaml.MapItem{ - Key: "type", - Value: config.Type, - }) + typecg := cg + + if minVersion, found := compatibilityMatrix[*config.Type]; found { + typecg = typecg.WithMinimumVersion(minVersion) } + + configs[i] = typecg.AppendMapItem(configs[i], "type", config.Type) } if config.Port != nil { @@ -2996,13 +3413,13 @@ func (cg *ConfigGenerator) generateScrapeConfig( if len(sc.Spec.EC2SDConfigs) > 0 { configs := make([][]yaml.MapItem, len(sc.Spec.EC2SDConfigs)) for i, config := range sc.Spec.EC2SDConfigs { + configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) + if config.Region != nil { - configs[i] = []yaml.MapItem{ - { - Key: "region", - Value: config.Region, - }, - } + configs[i] = append(configs[i], yaml.MapItem{ + Key: "region", + Value: config.Region, + }) } if config.AccessKey != nil && config.SecretKey != nil { @@ -3049,11 +3466,20 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.Filters != nil { - configs[i] = append(configs[i], yaml.MapItem{ - Key: "filters", - Value: config.Filters, - }) + configs[i] = cg.WithMinimumVersion("2.3.0").addFiltersToYaml(configs[i], config.Filters) + + cgForHTTPClientConfig := cg.WithMinimumVersion("2.41.0") + + if config.FollowRedirects != nil { + configs[i] = cgForHTTPClientConfig.AppendMapItem(configs[i], "follow_redirects", config.FollowRedirects) + } + + if config.EnableHTTP2 != nil { + configs[i] = cgForHTTPClientConfig.AppendMapItem(configs[i], "enable_http2", config.EnableHTTP2) + } + + if config.TLSConfig != nil { + configs[i] = cgForHTTPClientConfig.addSafeTLStoYaml(configs[i], s, config.TLSConfig) } } cfg = append(cfg, yaml.MapItem{ @@ -3323,9 +3749,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.Namespace, *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) } cfg = append(cfg, yaml.MapItem{ Key: "openstack_sd_configs", @@ -3354,9 +3778,8 @@ func (cg *ConfigGenerator) generateScrapeConfig( Value: config.EnableHTTP2, }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.Port != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3406,9 +3829,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.RefreshInterval != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3460,9 +3881,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.RefreshInterval != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3493,15 +3912,14 @@ func (cg *ConfigGenerator) generateScrapeConfig( configs[i] = cg.addOAuth2ToYaml(configs[i], s, config.OAuth2) configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) configs[i] = cg.addBasicAuthToYaml(configs[i], s, config.BasicAuth) + configs[i] = cg.addFiltersToYaml(configs[i], config.Filters) configs[i] = append(configs[i], yaml.MapItem{ Key: "host", Value: config.Host, }) - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.Port != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3515,27 +3933,12 @@ func (cg *ConfigGenerator) generateScrapeConfig( Key: "host_networking_host", Value: config.HostNetworkingHost}) } - if config.Filters != nil { - // first create a yaml map of the filters - filterYamlMap := []yaml.MapSlice{} - for _, dockerFilter := range *config.Filters { - filterYamlMap = append(filterYamlMap, yaml.MapSlice{ - { - Key: "name", - Value: dockerFilter.Name, - }, - { - Key: "values", - Value: dockerFilter.Values, - }}) - } - - // then add the yaml map to the filter map item - configs[i] = append(configs[i], yaml.MapItem{ - Key: "filters", - Value: filterYamlMap, - }) + if config.MatchFirstNetwork != nil { + // ref: https://github.com/prometheus/prometheus/pull/14654 + configs[i] = cg.WithMinimumVersion("2.54.1").AppendMapItem(configs[i], + "match_first_network", + config.MatchFirstNetwork) } if config.RefreshInterval != nil { @@ -3575,9 +3978,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( configs[i] = cg.addOAuth2ToYaml(configs[i], s, config.OAuth2) configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.Port != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3658,9 +4059,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.Port != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3745,9 +4144,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) } cfg = append(cfg, yaml.MapItem{ Key: "nomad_sd_configs", @@ -3763,15 +4160,14 @@ func (cg *ConfigGenerator) generateScrapeConfig( configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, config.Authorization) configs[i] = cg.addOAuth2ToYaml(configs[i], s, config.OAuth2) configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) + configs[i] = cg.addFiltersToYaml(configs[i], config.Filters) configs[i] = append(configs[i], yaml.MapItem{ Key: "host", Value: config.Host, }) - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) configs[i] = append(configs[i], yaml.MapItem{ Key: "role", @@ -3785,27 +4181,6 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if len(config.Filters) > 0 { - filterYamlMap := []yaml.MapSlice{} - for _, dockerswarmFilter := range config.Filters { - filterYamlMap = append(filterYamlMap, yaml.MapSlice{ - { - Key: "name", - Value: dockerswarmFilter.Name, - }, - { - Key: "values", - Value: dockerswarmFilter.Values, - }}) - } - - configs[i] = append(configs[i], yaml.MapItem{ - Key: "filters", - Value: filterYamlMap, - }) - - } - if config.RefreshInterval != nil { configs[i] = append(configs[i], yaml.MapItem{ Key: "refresh_interval", @@ -3881,9 +4256,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.EnableHTTP2 != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -3965,9 +4338,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } - if config.TLSConfig != nil { - configs[i] = addSafeTLStoYaml(configs[i], sc.GetNamespace(), *config.TLSConfig) - } + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) if config.FollowRedirects != nil { configs[i] = append(configs[i], yaml.MapItem{ @@ -4016,7 +4387,7 @@ func (cg *ConfigGenerator) generateScrapeConfig( case monitoringv1alpha1.DedicatedServer: configs[i] = append(configs[i], yaml.MapItem{Key: "service", Value: "dedicated_server"}) default: - level.Warn(cg.logger).Log("msg", fmt.Sprintf("ignoring service not supported by Prometheus: %s", string(config.Service))) + cg.logger.Warn(fmt.Sprintf("ignoring service not supported by Prometheus: %s", string(config.Service))) } if config.Endpoint != nil { @@ -4032,7 +4403,6 @@ func (cg *ConfigGenerator) generateScrapeConfig( Value: config.RefreshInterval, }) } - } cfg = append(cfg, yaml.MapItem{ @@ -4041,6 +4411,146 @@ func (cg *ConfigGenerator) generateScrapeConfig( }) } + // ScalewaySDConfig + if len(sc.Spec.ScalewaySDConfigs) > 0 { + configs := make([][]yaml.MapItem, len(sc.Spec.ScalewaySDConfigs)) + for i, config := range sc.Spec.ScalewaySDConfigs { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "access_key", + Value: config.AccessKey, + }) + + value, _ := s.GetSecretKey(config.SecretKey) + configs[i] = append(configs[i], yaml.MapItem{ + Key: "secret_key", + Value: string(value), + }) + + configs[i] = append(configs[i], yaml.MapItem{ + Key: "project_id", + Value: config.ProjectID, + }) + + configs[i] = append(configs[i], yaml.MapItem{ + Key: "role", + Value: strings.ToLower(string(config.Role)), + }) + + if config.Port != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "port", + Value: config.Port, + }) + } + + if config.ApiURL != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "api_url", + Value: *config.ApiURL, + }) + } + + if config.Zone != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "zone", + Value: config.Zone, + }) + } + + if config.NameFilter != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "name_filter", + Value: config.NameFilter, + }) + } + + if len(config.TagsFilter) > 0 { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "tags_filter", + Value: config.TagsFilter, + }) + } + + if config.RefreshInterval != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "refresh_interval", + Value: config.RefreshInterval, + }) + } + + configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) + + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) + + if config.FollowRedirects != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "follow_redirects", + Value: config.FollowRedirects, + }) + } + + if config.EnableHTTP2 != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "enable_http2", + Value: config.EnableHTTP2, + }) + } + } + + cfg = append(cfg, yaml.MapItem{ + Key: "scaleway_sd_configs", + Value: configs, + }) + } + + // IonosSDConfig + if len(sc.Spec.IonosSDConfigs) > 0 { + configs := make([][]yaml.MapItem, len(sc.Spec.IonosSDConfigs)) + for i, config := range sc.Spec.IonosSDConfigs { + configs[i] = cg.addSafeAuthorizationToYaml(configs[i], s, &config.Authorization) + configs[i] = cg.addProxyConfigtoYaml(configs[i], s, config.ProxyConfig) + configs[i] = cg.addSafeTLStoYaml(configs[i], s, config.TLSConfig) + + configs[i] = append(configs[i], yaml.MapItem{ + Key: "datacenter_id", + Value: config.DataCenterID, + }) + + if config.FollowRedirects != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "follow_redirects", + Value: config.FollowRedirects, + }) + } + + if config.EnableHTTP2 != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "enable_http2", + Value: config.EnableHTTP2, + }) + } + + if config.Port != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "port", + Value: config.Port, + }) + } + + if config.RefreshInterval != nil { + configs[i] = append(configs[i], yaml.MapItem{ + Key: "refresh_interval", + Value: config.RefreshInterval, + }) + } + } + + cfg = append(cfg, yaml.MapItem{ + Key: "ionos_sd_configs", + Value: configs, + }) + } + if len(sc.Spec.RelabelConfigs) > 0 { relabelings = append(relabelings, generateRelabelConfig(labeler.GetRelabelingConfigs(sc.TypeMeta, sc.ObjectMeta, sc.Spec.RelabelConfigs))...) } @@ -4064,33 +4574,57 @@ func (cg *ConfigGenerator) generateScrapeConfig( return cfg, nil } -func (cg *ConfigGenerator) generateTracingConfig() (yaml.MapItem, error) { - cfg := yaml.MapSlice{} - objMeta := cg.prom.GetObjectMeta() +func (cg *ConfigGenerator) appendOTLPConfig(cfg yaml.MapSlice) (yaml.MapSlice, error) { + otlpConfig := cg.prom.GetCommonPrometheusFields().OTLP + if otlpConfig == nil { + return cfg, nil + } + + if cg.version.LT(semver.MustParse("2.55.0")) { + return cfg, fmt.Errorf("OTLP configuration is only supported from Prometheus version 2.55.0") + } + return append( + cfg, + yaml.MapItem{ + Key: "otlp", + Value: yaml.MapSlice{ + { + Key: "promote_resource_attributes", + Value: otlpConfig.PromoteResourceAttributes, + }, + }, + }), nil +} + +func (cg *ConfigGenerator) appendTracingConfig(cfg yaml.MapSlice, s assets.StoreGetter) (yaml.MapSlice, error) { tracingConfig := cg.prom.GetCommonPrometheusFields().TracingConfig + if tracingConfig == nil { + return cfg, nil + } - cfg = append(cfg, yaml.MapItem{ + var tracing yaml.MapSlice + tracing = append(tracing, yaml.MapItem{ Key: "endpoint", Value: tracingConfig.Endpoint, }) if tracingConfig.ClientType != nil { - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "client_type", Value: tracingConfig.ClientType, }) } if tracingConfig.SamplingFraction != nil { - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "sampling_fraction", Value: tracingConfig.SamplingFraction.AsApproximateFloat64(), }) } if tracingConfig.Insecure != nil { - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "insecure", Value: tracingConfig.Insecure, }) @@ -4105,70 +4639,34 @@ func (cg *ConfigGenerator) generateTracingConfig() (yaml.MapItem, error) { }) } - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "headers", Value: headers, }) } if tracingConfig.Compression != nil { - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "compression", Value: tracingConfig.Compression, }) } if tracingConfig.Timeout != nil { - cfg = append(cfg, yaml.MapItem{ + tracing = append(tracing, yaml.MapItem{ Key: "timeout", Value: tracingConfig.Timeout, }) } - if tracingConfig.TLSConfig != nil { - cfg = addTLStoYaml(cfg, objMeta.GetNamespace(), tracingConfig.TLSConfig) - } - - return yaml.MapItem{ - Key: "tracing", - Value: cfg, - }, nil -} - -func validateProxyConfig(ctx context.Context, pc monitoringv1.ProxyConfig, store *assets.StoreBuilder, namespace string) error { - if reflect.ValueOf(pc).IsZero() { - return nil - } - - proxyFromEnvironmentDefined := ptr.Deref(pc.ProxyFromEnvironment, false) - proxyURLDefined := ptr.Deref(pc.ProxyURL, "") != "" - noProxyDefined := ptr.Deref(pc.NoProxy, "") != "" - - if len(pc.ProxyConnectHeader) > 0 && (!proxyFromEnvironmentDefined && !proxyURLDefined) { - return fmt.Errorf("if proxyConnectHeader is configured, proxyUrl or proxyFromEnvironment must also be configured") - } - - if proxyFromEnvironmentDefined && proxyURLDefined { - return fmt.Errorf("if proxyFromEnvironment is configured, proxyUrl must not be configured") - } - - if proxyFromEnvironmentDefined && noProxyDefined { - return fmt.Errorf("if proxyFromEnvironment is configured, noProxy must not be configured") - } - - if !proxyURLDefined && noProxyDefined { - return fmt.Errorf("if noProxy is configured, proxyUrl must also be configured") - } - - for k, v := range pc.ProxyConnectHeader { - for index, s := range v { - if _, err := store.GetSecretKey(ctx, namespace, s); err != nil { - return fmt.Errorf("header[%s]: index[%d] %w", k, index, err) - } - } - } + tracing = cg.addTLStoYaml(tracing, s, tracingConfig.TLSConfig) - return nil + return append( + cfg, + yaml.MapItem{ + Key: "tracing", + Value: tracing, + }), nil } func (cg *ConfigGenerator) getScrapeClassOrDefault(name *string) monitoringv1.ScrapeClass { @@ -4209,3 +4707,29 @@ func getLowerByteSize(v *monitoringv1.ByteSize, cpf *monitoringv1.CommonPromethe func isByteSizeEmpty(v *monitoringv1.ByteSize) bool { return v == nil || *v == "" } + +func (cg *ConfigGenerator) addFiltersToYaml(cfg yaml.MapSlice, filters []monitoringv1alpha1.Filter) yaml.MapSlice { + if len(filters) == 0 { + return cfg + } + + // Sort the filters by name to generate deterministic config. + slices.SortStableFunc(filters, func(a, b monitoringv1alpha1.Filter) int { + return cmp.Compare(a.Name, b.Name) + }) + + filtersYamlMap := []yaml.MapSlice{} + for _, filter := range filters { + filtersYamlMap = append(filtersYamlMap, yaml.MapSlice{ + { + Key: "name", + Value: filter.Name, + }, + { + Key: "values", + Value: filter.Values, + }}) + } + + return cg.AppendMapItem(cfg, "filters", filtersYamlMap) +} diff --git a/pkg/prometheus/promcfg_test.go b/pkg/prometheus/promcfg_test.go index c04e4f5e40b..f77a42e756f 100644 --- a/pkg/prometheus/promcfg_test.go +++ b/pkg/prometheus/promcfg_test.go @@ -16,11 +16,10 @@ package prometheus import ( "fmt" + "log/slog" "os" "testing" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/stretchr/testify/require" "gopkg.in/yaml.v2" "gotest.tools/v3/golden" @@ -45,6 +44,11 @@ func defaultPrometheus() *monitoringv1.Prometheus { }, Spec: monitoringv1.PrometheusSpec{ CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + PodMonitorSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "group": "group1", + }, + }, ProbeSelector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "group": "group1", @@ -64,9 +68,16 @@ func mustNewConfigGenerator(t *testing.T, p *monitoringv1.Prometheus) *ConfigGen if p == nil { p = &monitoringv1.Prometheus{} } - logger := level.NewFilter(log.NewLogfmtLogger(os.Stdout), level.AllowWarn()) + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelWarn, + })) + + opts := []ConfigGeneratorOption{} + if p.Spec.ServiceDiscoveryRole != nil && *p.Spec.ServiceDiscoveryRole == monitoringv1.EndpointSliceRole { + opts = append(opts, WithEndpointSliceSupport()) + } - cg, err := NewConfigGenerator(log.With(logger, "test", t.Name()), p, false) + cg, err := NewConfigGenerator(logger.With("test", t.Name()), p, opts...) require.NoError(t, err) return cg @@ -98,6 +109,7 @@ func TestConfigGeneration(t *testing.T) { func TestGlobalSettings(t *testing.T) { var ( expectedBodySizeLimit monitoringv1.ByteSize = "1000MB" + expectedRuleQueryOffset monitoringv1.Duration = "30s" expectedSampleLimit uint64 = 10000 expectedTargetLimit uint64 = 1000 expectedLabelLimit uint64 = 50 @@ -113,6 +125,7 @@ func TestGlobalSettings(t *testing.T) { for _, tc := range []struct { Scenario string + RuleQueryOffset *monitoringv1.Duration EvaluationInterval monitoringv1.Duration ScrapeInterval monitoringv1.Duration ScrapeTimeout monitoringv1.Duration @@ -227,10 +240,29 @@ func TestGlobalSettings(t *testing.T) { ScrapeProtocols: expectedscrapeProtocols, Golden: "valid_global_config_with_scrape_protocols.golden", }, + { + Scenario: "valid global config without rule query offset if prometheus version less required", + Version: "v2.52.0", + ScrapeInterval: "30s", + EvaluationInterval: "30s", + RuleQueryOffset: &expectedRuleQueryOffset, + Golden: "valid_global_config_without_rule_query_offset.golden", + }, + { + Scenario: "valid global config with rule query offset if prometheus version meets the requirement", + Version: "v2.53.0", + ScrapeInterval: "30s", + EvaluationInterval: "30s", + RuleQueryOffset: &expectedRuleQueryOffset, + Golden: "valid_global_config_with_rule_query_offset.golden", + }, } { p := &monitoringv1.Prometheus{ - ObjectMeta: metav1.ObjectMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "example", + Namespace: "test", + }, Spec: monitoringv1.PrometheusSpec{ CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ ScrapeInterval: tc.ScrapeInterval, @@ -250,6 +282,7 @@ func TestGlobalSettings(t *testing.T) { KeepDroppedTargets: tc.KeepDroppedTargets, }, EvaluationInterval: tc.EvaluationInterval, + RuleQueryOffset: tc.RuleQueryOffset, QueryLogFile: tc.QueryLogFile, }, } @@ -257,13 +290,7 @@ func TestGlobalSettings(t *testing.T) { cg := mustNewConfigGenerator(t, p) t.Run(fmt.Sprintf("case %s", tc.Scenario), func(t *testing.T) { cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{}, nil, nil, @@ -393,7 +420,7 @@ func TestNamespaceSetCorrectly(t *testing.T) { if tc.ServiceMonitor.Spec.AttachMetadata != nil { attachMetaConfig = &attachMetadataConfig{ MinimumVersion: "2.37.0", - AttachMetadata: tc.ServiceMonitor.Spec.AttachMetadata, + attachMetadata: tc.ServiceMonitor.Spec.AttachMetadata, } } @@ -436,7 +463,7 @@ func TestNamespaceSetCorrectlyForPodMonitor(t *testing.T) { attachMetadataConfig := &attachMetadataConfig{ MinimumVersion: "2.35.0", - AttachMetadata: pm.Spec.AttachMetadata, + attachMetadata: pm.Spec.AttachMetadata, } c := cg.generateK8SSDConfig(pm.Spec.NamespaceSelector, pm.Namespace, nil, assets.NewTestStoreBuilder().ForNamespace(pm.Namespace), kubernetesSDRolePod, attachMetadataConfig) @@ -452,13 +479,7 @@ func TestProbeStaticTargetsConfigGenerationWithLabelEnforce(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -514,13 +535,7 @@ func TestProbeStaticTargetsConfigGenerationWithJobName(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -567,13 +582,7 @@ func TestProbeStaticTargetsConfigGenerationWithoutModule(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -619,13 +628,7 @@ func TestProbeIngressSDConfigGeneration(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -684,13 +687,7 @@ func TestProbeIngressSDConfigGenerationWithShards(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -748,13 +745,7 @@ func TestProbeIngressSDConfigGenerationWithLabelEnforce(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -825,11 +816,13 @@ func TestK8SSDConfigGeneration(t *testing.T) { testcases := []struct { apiServerConfig *monitoringv1.APIServerConfig store *assets.StoreBuilder + role string golden string }{ { apiServerConfig: nil, store: assets.NewTestStoreBuilder(), + role: "endpoints", golden: "K8SSDConfigGenerationFirst.golden", }, { @@ -864,8 +857,15 @@ func TestK8SSDConfigGeneration(t *testing.T) { }, }, ), + role: "endpoints", golden: "K8SSDConfigGenerationTwo.golden", }, + { + apiServerConfig: nil, + store: assets.NewTestStoreBuilder(), + role: "endpointslice", + golden: "K8SSDConfigGenerationThree.golden", + }, { apiServerConfig: &monitoringv1.APIServerConfig{ Host: "example.com", @@ -897,6 +897,7 @@ func TestK8SSDConfigGeneration(t *testing.T) { }, }, store: assets.NewTestStoreBuilder(), + role: "endpoints", golden: "K8SSDConfigGenerationTLSConfig.golden", }, } @@ -917,7 +918,7 @@ func TestK8SSDConfigGeneration(t *testing.T) { if sm.Spec.AttachMetadata != nil { attachMetaConfig = &attachMetadataConfig{ MinimumVersion: "2.37.0", - AttachMetadata: sm.Spec.AttachMetadata, + attachMetadata: sm.Spec.AttachMetadata, } } c := cg.generateK8SSDConfig( @@ -925,7 +926,7 @@ func TestK8SSDConfigGeneration(t *testing.T) { sm.Namespace, tc.apiServerConfig, tc.store.ForNamespace(sm.Namespace), - kubernetesSDRoleEndpoint, + tc.role, attachMetaConfig, ) s, err := yaml.Marshal(yaml.MapSlice{c}) @@ -940,7 +941,7 @@ func TestAlertmanagerBearerToken(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), BearerTokenFile: "/some/file/on/disk", }, @@ -949,13 +950,7 @@ func TestAlertmanagerBearerToken(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1003,7 +998,7 @@ func TestAlertmanagerBasicAuth(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), BasicAuth: &monitoringv1.BasicAuth{ Username: v1.SecretKeySelector{ @@ -1028,13 +1023,7 @@ func TestAlertmanagerBasicAuth(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1056,9 +1045,7 @@ func TestAlertmanagerBasicAuth(t *testing.T) { nil, nil, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) golden.Assert(t, string(cfg), tc.golden) } @@ -1087,7 +1074,7 @@ func TestAlertmanagerSigv4(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), Sigv4: &monitoringv1.Sigv4{ Profile: "profilename", @@ -1112,13 +1099,7 @@ func TestAlertmanagerSigv4(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1140,9 +1121,7 @@ func TestAlertmanagerSigv4(t *testing.T) { nil, nil, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) golden.Assert(t, string(cfg), tc.golden) } } @@ -1153,7 +1132,7 @@ func TestAlertmanagerAPIVersion(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), APIVersion: "v2", }, @@ -1162,13 +1141,7 @@ func TestAlertmanagerAPIVersion(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1189,7 +1162,7 @@ func TestAlertmanagerTimeoutConfig(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), APIVersion: "v2", Timeout: ptr.To(monitoringv1.Duration("60s")), @@ -1199,13 +1172,7 @@ func TestAlertmanagerTimeoutConfig(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1253,7 +1220,7 @@ func TestAlertmanagerEnableHttp2(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), APIVersion: "v2", EnableHttp2: ptr.To(tc.enableHTTP2), @@ -1263,13 +1230,7 @@ func TestAlertmanagerEnableHttp2(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1293,7 +1254,7 @@ func TestAlertmanagerRelabelConfigs(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), APIVersion: "v2", RelabelConfigs: []monitoringv1.RelabelConfig{ @@ -1320,13 +1281,7 @@ func TestAlertmanagerRelabelConfigs(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1366,7 +1321,7 @@ func TestAlertmanagerAlertRelabelConfigs(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), APIVersion: "v2", AlertRelabelConfigs: []monitoringv1.RelabelConfig{ @@ -1381,13 +1336,7 @@ func TestAlertmanagerAlertRelabelConfigs(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1411,13 +1360,7 @@ func TestAdditionalScrapeConfigs(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1468,7 +1411,7 @@ func TestAdditionalAlertRelabelConfigs(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), }, }, @@ -1476,13 +1419,7 @@ func TestAdditionalAlertRelabelConfigs(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1502,13 +1439,7 @@ func TestNoEnforcedNamespaceLabelServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -1568,17 +1499,12 @@ func TestNoEnforcedNamespaceLabelServiceMonitor(t *testing.T) { func TestServiceMonitorWithEndpointSliceEnable(t *testing.T) { p := defaultPrometheus() p.Spec.CommonPrometheusFields.EnforcedNamespaceLabel = "ns-key" + p.Spec.CommonPrometheusFields.ServiceDiscoveryRole = ptr.To(monitoringv1.EndpointSliceRole) cg := mustNewConfigGenerator(t, p) - cg.endpointSliceSupported = true + cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -1642,13 +1568,7 @@ func TestEnforcedNamespaceLabelPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -1711,13 +1631,7 @@ func TestEnforcedNamespaceLabelOnExcludedPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -1777,13 +1691,7 @@ func TestEnforcedNamespaceLabelServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -1854,13 +1762,7 @@ func TestEnforcedNamespaceLabelOnExcludedServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -1924,7 +1826,7 @@ func TestAdditionalAlertmanagers(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), }, }, @@ -1933,13 +1835,7 @@ func TestAdditionalAlertmanagers(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -1962,13 +1858,7 @@ func TestSettingHonorTimestampsInServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2005,13 +1895,7 @@ func TestSettingHonorTimestampsInPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -2048,13 +1932,7 @@ func TestSettingTrackTimestampsStalenessInServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2091,13 +1969,7 @@ func TestSettingTrackTimestampsStalenessInPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -2161,13 +2033,7 @@ func TestSettingScrapeProtocolsInServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2234,13 +2100,7 @@ func TestSettingScrapeProtocolsInPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -2281,13 +2141,7 @@ func TestHonorTimestampsOverriding(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2324,21 +2178,12 @@ func TestSettingHonorLabels(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ Name: "testservicemonitor1", Namespace: "default", - Labels: map[string]string{ - "group": "group1", - }, }, Spec: monitoringv1.ServiceMonitorSpec{ TargetLabels: []string{"example", "env"}, @@ -2371,13 +2216,7 @@ func TestHonorLabelsOverriding(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2417,13 +2256,7 @@ func TestTargetLabels(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2476,6 +2309,32 @@ func TestEndpointOAuth2(t *testing.T) { "param1": "value1", "param2": "value2", }, + TLSConfig: &monitoringv1.SafeTLSConfig{ + InsecureSkipVerify: ptr.To(true), + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca2", + }, + }, + }, + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "proxy-header", + }, + }, + }, + }, } s := assets.NewTestStoreBuilder( @@ -2497,6 +2356,28 @@ func TestEndpointOAuth2(t *testing.T) { "client_secret": []byte("test_client_secret"), }, }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + "token": []byte("value"), + "Username": []byte("kube-admin"), + "Password": []byte("password"), + }, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + Namespace: "default", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + "token": []byte("value"), + }, + }, ) testCases := []struct { @@ -2584,13 +2465,7 @@ func TestEndpointOAuth2(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, tt.sMons, tt.pMons, tt.probes, @@ -2612,13 +2487,7 @@ func TestPodTargetLabels(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": { ObjectMeta: metav1.ObjectMeta{ @@ -2657,13 +2526,7 @@ func TestPodTargetLabelsFromPodMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -2703,13 +2566,7 @@ func TestPodTargetLabelsFromPodMonitorAndGlobal(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -2748,13 +2605,7 @@ func TestEmptyEndpointPorts(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -2800,7 +2651,7 @@ func generateTestConfig(t *testing.T, version string) ([]byte, error) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "alertmanager-main", - Namespace: "default", + Namespace: ptr.To("default"), Port: intstr.FromString("web"), }, }, @@ -2843,13 +2694,7 @@ func generateTestConfig(t *testing.T, version string) ([]byte, error) { } cg := mustNewConfigGenerator(t, p) return cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, makeServiceMonitors(), makePodMonitors(), nil, @@ -3419,13 +3264,7 @@ func TestSampleLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -3534,13 +3373,7 @@ func TestTargetLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -3752,13 +3585,7 @@ func TestRemoteReadConfig(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -4037,7 +3864,7 @@ func TestRemoteWriteConfig(t *testing.T) { version: "v2.26.0", remoteWrite: monitoringv1.RemoteWriteSpec{ URL: "http://example.com", - RemoteTimeout: "1s", + RemoteTimeout: ptr.To(monitoringv1.Duration("1s")), Sigv4: nil, }, golden: "RemoteWriteConfig_v2.26.0_3.golden", @@ -4047,7 +3874,7 @@ func TestRemoteWriteConfig(t *testing.T) { remoteWrite: monitoringv1.RemoteWriteSpec{ URL: "http://example.com", Sigv4: &monitoringv1.Sigv4{}, - RemoteTimeout: "1s", + RemoteTimeout: ptr.To(monitoringv1.Duration("1s")), }, golden: "RemoteWriteConfig_v2.26.0_4.golden", }, @@ -4202,6 +4029,22 @@ func TestRemoteWriteConfig(t *testing.T) { }, golden: "RemoteWriteConfig_v2.43.0_ProxyConfigWithMutiValues.golden", }, + { + version: "v2.53.0", + remoteWrite: monitoringv1.RemoteWriteSpec{ + URL: "http://example.com", + MessageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + }, + golden: "RemoteWriteConfig_v2.53.0_MessageVersion2.golden", + }, + { + version: "v2.54.0", + remoteWrite: monitoringv1.RemoteWriteSpec{ + URL: "http://example.com", + MessageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + }, + golden: "RemoteWriteConfig_v2.54.0_MessageVersion2.golden", + }, } { t.Run(fmt.Sprintf("i=%d,version=%s", i, tc.version), func(t *testing.T) { p := defaultPrometheus() @@ -4280,13 +4123,7 @@ func TestRemoteWriteConfig(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -4399,13 +4236,7 @@ func TestLabelLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -4512,13 +4343,7 @@ func TestLabelNameLengthLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": &podMonitor, @@ -4637,13 +4462,7 @@ func TestLabelValueLengthLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, map[string]*monitoringv1.Probe{ @@ -4716,13 +4535,86 @@ func TestKeepDroppedTargets(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, + map[string]*monitoringv1.ServiceMonitor{ + "testservicemonitor1": &serviceMonitor, + }, + nil, + nil, + nil, + &assets.StoreBuilder{}, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + }) + } +} + +func TestNativeHistogramConfig(t *testing.T) { + for _, tc := range []struct { + version string + nativeHistogramConfig monitoringv1.NativeHistogramConfig + golden string + }{ + { + version: "v2.54.0", + nativeHistogramConfig: monitoringv1.NativeHistogramConfig{ + NativeHistogramBucketLimit: ptr.To(uint64(10)), + ScrapeClassicHistograms: ptr.To(true), + NativeHistogramMinBucketFactor: ptr.To(resource.MustParse("12.124")), + }, + golden: "NativeHistogramConfig.golden", + }, + { + version: "v2.46.0", + nativeHistogramConfig: monitoringv1.NativeHistogramConfig{ + NativeHistogramBucketLimit: ptr.To(uint64(10)), + ScrapeClassicHistograms: ptr.To(true), + NativeHistogramMinBucketFactor: ptr.To(resource.MustParse("12.124")), + }, + golden: "NativeHistogramConfigWithMissNativeHistogramMinBucketFactor.golden", + }, + { + version: "v2.44.0", + nativeHistogramConfig: monitoringv1.NativeHistogramConfig{ + NativeHistogramBucketLimit: ptr.To(uint64(10)), + ScrapeClassicHistograms: ptr.To(true), + NativeHistogramMinBucketFactor: ptr.To(resource.MustParse("12.124")), + }, + golden: "NativeHistogramConfigWithMissALL.golden", + }, + } { + t.Run(fmt.Sprintf("version=%s", tc.version), func(t *testing.T) { + p := defaultPrometheus() + p.Spec.CommonPrometheusFields.Version = tc.version + + serviceMonitor := monitoringv1.ServiceMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "testservicemonitor1", + Namespace: "default", + Labels: map[string]string{ + "group": "group1", + }, + }, + Spec: monitoringv1.ServiceMonitorSpec{ + Endpoints: []monitoringv1.Endpoint{ + { + Port: "web", + Interval: "30s", + }, + }, + }, + } + + serviceMonitor.Spec.NativeHistogramConfig = tc.nativeHistogramConfig + + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -4801,13 +4693,7 @@ func TestBodySizeLimits(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -4837,13 +4723,7 @@ func TestMatchExpressionsServiceMonitor(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -4936,13 +4816,7 @@ func TestServiceMonitorEndpointFollowRedirects(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -5014,13 +4888,7 @@ func TestPodMonitorEndpointFollowRedirects(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": &podMonitor, @@ -5091,13 +4959,7 @@ func TestServiceMonitorEndpointEnableHttp2(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "testservicemonitor1": &serviceMonitor, }, @@ -5121,13 +4983,7 @@ func TestPodMonitorPhaseFilter(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": { @@ -5212,13 +5068,7 @@ func TestPodMonitorEndpointEnableHttp2(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{ "testpodmonitor1": &podMonitor, @@ -5237,6 +5087,59 @@ func TestPodMonitorEndpointEnableHttp2(t *testing.T) { } } +func TestRuntimeConfig(t *testing.T) { + for _, tc := range []struct { + Scenario string + Version string + Runtime *monitoringv1.RuntimeConfig + Golden string + }{ + { + Scenario: "Runtime GoGC is set to 25", + Version: "v2.53.0", + Runtime: &monitoringv1.RuntimeConfig{ + GoGC: ptr.To(int32(25)), + }, + Golden: "RuntimeConfig_GoGC25.golden", + }, + { + Scenario: "Runtime GoGC is set to 25 but unsupported Prometheus Version", + Version: "v2.52.0", + Runtime: &monitoringv1.RuntimeConfig{ + GoGC: ptr.To(int32(25)), + }, + Golden: "RuntimeConfig_GoGC_Not_Set.golden", + }, + { + Scenario: "Runtime GoGC not specified", + Golden: "RuntimeConfig_GoGC_Not_Set.golden", + }, + } { + t.Run(fmt.Sprintf("case %s", tc.Scenario), func(t *testing.T) { + p := defaultPrometheus() + if tc.Version != "" { + p.Spec.CommonPrometheusFields.Version = tc.Version + } + p.Spec.Runtime = tc.Runtime + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, + nil, + nil, + nil, + nil, + &assets.StoreBuilder{}, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.Golden) + }) + } +} + func TestStorageSettingMaxExemplars(t *testing.T) { for _, tc := range []struct { Scenario string @@ -5275,13 +5178,7 @@ func TestStorageSettingMaxExemplars(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -5314,7 +5211,7 @@ func TestTSDBConfig(t *testing.T) { name: "TSDB config < v2.39.0", version: "v2.38.0", tsdb: &monitoringv1.TSDBSpec{ - OutOfOrderTimeWindow: monitoringv1.Duration("10m"), + OutOfOrderTimeWindow: ptr.To(monitoringv1.Duration("10m")), }, golden: "TSDB_config_less_than_v2.39.0.golden", }, @@ -5322,7 +5219,7 @@ func TestTSDBConfig(t *testing.T) { name: "TSDB config >= v2.39.0", tsdb: &monitoringv1.TSDBSpec{ - OutOfOrderTimeWindow: monitoringv1.Duration("10m"), + OutOfOrderTimeWindow: ptr.To(monitoringv1.Duration("10m")), }, golden: "TSDB_config_greater_than_or_equal_to_v2.39.0.golden", }, @@ -5333,18 +5230,12 @@ func TestTSDBConfig(t *testing.T) { p.Spec.CommonPrometheusFields.Version = tc.version } if tc.tsdb != nil { - p.Spec.TSDB = *tc.tsdb + p.Spec.TSDB = tc.tsdb } cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, nil, nil, nil, @@ -5361,18 +5252,85 @@ func TestTSDBConfig(t *testing.T) { } } +func TestTSDBConfigPrometheusAgent(t *testing.T) { + for _, tc := range []struct { + name string + p *monitoringv1.Prometheus + version string + tsdb *monitoringv1.TSDBSpec + golden string + }{ + { + name: "PrometheusAgent no TSDB config", + golden: "PrometheusAgent_no_TSDB_config.golden", + }, + { + name: "PrometheusAgent TSDB config < v2.54.0", + version: "v2.53.0", + tsdb: &monitoringv1.TSDBSpec{ + OutOfOrderTimeWindow: ptr.To(monitoringv1.Duration("10m")), + }, + golden: "PrometheusAgent_TSDB_config_less_than_v2.53.0.golden", + }, + { + + name: "PrometheusAgent TSDB config >= v2.54.0", + version: "v2.54.0", + tsdb: &monitoringv1.TSDBSpec{ + OutOfOrderTimeWindow: ptr.To(monitoringv1.Duration("10m")), + }, + golden: "PrometheusAgent_TSDB_config_greater_than_or_equal_to_v2.54.0.golden", + }, + } { + t.Run(tc.name, func(t *testing.T) { + p := defaultPrometheus() + if tc.version != "" { + p.Spec.CommonPrometheusFields.Version = tc.version + } + if tc.tsdb != nil { + p.Spec.TSDB = tc.tsdb + } + + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateAgentConfiguration( + nil, + nil, + nil, + nil, + &assets.StoreBuilder{}, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + }) + } +} + +func TestPromAgentDaemonSetPodMonitorConfig(t *testing.T) { + p := defaultPrometheus() + cg := mustNewConfigGenerator(t, p) + cg.daemonSet = true + pmons := map[string]*monitoringv1.PodMonitor{ + "pm": defaultPodMonitor(), + } + cfg, err := cg.GenerateAgentConfiguration( + nil, + pmons, + nil, + nil, + &assets.StoreBuilder{}, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), "PromAgentDaemonSetPodMonitorConfig.golden") +} + func TestGenerateRelabelConfig(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{ "test": { ObjectMeta: metav1.ObjectMeta{ @@ -5528,13 +5486,7 @@ func TestProbeSpecConfig(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, pbs, @@ -5602,7 +5554,7 @@ func TestScrapeConfigSpecConfig(t *testing.T) { StaticConfigs: []monitoringv1alpha1.StaticConfig{ { Targets: []monitoringv1alpha1.Target{"http://localhost:9100"}, - Labels: map[monitoringv1.LabelName]string{ + Labels: map[string]string{ "label1": "value1", }, }, @@ -5619,7 +5571,7 @@ func TestScrapeConfigSpecConfig(t *testing.T) { StaticConfigs: []monitoringv1alpha1.StaticConfig{ { Targets: []monitoringv1alpha1.Target{"http://localhost:9100"}, - Labels: map[monitoringv1.LabelName]string{ + Labels: map[string]string{ "label1": "value1_sharded", }, }, @@ -5646,7 +5598,7 @@ func TestScrapeConfigSpecConfig(t *testing.T) { StaticConfigs: []monitoringv1alpha1.StaticConfig{ { Targets: []monitoringv1alpha1.Target{"http://localhost:9100"}, - Labels: map[monitoringv1.LabelName]string{ + Labels: map[string]string{ "label1": "value1", }, }, @@ -6028,35 +5980,64 @@ func TestScrapeConfigSpecConfig(t *testing.T) { DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("A"), - Port: ptr.To(9100), + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeA), + Port: ptr.To(int32(9100)), }, }, }, golden: "ScrapeConfigSpecConfig_DNSSD_ARecord.golden", }, { - name: "dns_sd_config-ns-record", + name: "dns_sd_config-ns-record", + version: "v2.49.0", scSpec: monitoringv1alpha1.ScrapeConfigSpec{ DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("NS"), - Port: ptr.To(9100), + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeNS), + Port: ptr.To(int32(9100)), }, }, }, golden: "ScrapeConfigSpecConfig_DNSSD_NSRecord.golden", }, { - name: "dns_sd_config-ns-record-old-version", + name: "dns_sd_config-ns-record-unsupported-version", version: "v2.48.0", scSpec: monitoringv1alpha1.ScrapeConfigSpec{ DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("NS"), - Port: ptr.To(9100), + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeNS), + Port: ptr.To(int32(9100)), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_DNSSD_NSRecord_OldVersion.golden", + }, + { + name: "dns_sd_config-mx-record", + version: "v2.39.0", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"node.demo.do.prometheus.io"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeMX), + Port: ptr.To(int32(9100)), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_DNSSD_MXRecord.golden", + }, + { + name: "dns_sd_config-mx-record-unsupported-version", + version: "v2.28.0", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"node.demo.do.prometheus.io"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeNS), + Port: ptr.To(int32(9100)), }, }, }, @@ -6136,13 +6117,7 @@ func TestScrapeConfigSpecConfig(t *testing.T) { ) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -6158,20 +6133,232 @@ func TestScrapeConfigSpecConfig(t *testing.T) { }) } } - -func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { +func TestScrapeConfigSpecConfigWithHTTPSD(t *testing.T) { for _, tc := range []struct { - name string - scSpec monitoringv1alpha1.ScrapeConfigSpec - golden string + name string + scSpec monitoringv1alpha1.ScrapeConfigSpec + golden string + version string }{ { - name: "kubernetes_sd_config", + name: "http_sd_config_with_proxy_config", scSpec: monitoringv1alpha1.ScrapeConfigSpec{ - KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), - ProxyConfig: monitoringv1.ProxyConfig{ + URL: "http://localhost:9100/sd.json", + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "proxy-header", + }, + }, + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_HTTPSD_with_ProxyConfig.golden", + }, + { + name: "http_sd_config_basic_auth", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://localhost:9100/sd.json", + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "Username", + }, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "Password", + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_HTTPSD_with_BasicAuth.golden", + }, { + name: "http_sd_config_authorization", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://localhost:9100/sd.json", + Authorization: &monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "token", + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_HTTPSD_with_Authorization.golden", + }, { + name: "http_sd_config_oauth", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://localhost:9100/sd.json", + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "oauth2", + }, + Key: "client_id", + }, + }, + ClientSecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "oauth2", + }, + Key: "client_secret", + }, + TokenURL: "http://test.url", + Scopes: []string{"scope 1", "scope 2"}, + EndpointParams: map[string]string{ + "param1": "value1", + "param2": "value2", + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_HTTPSD_with_OAuth.golden", + }, { + name: "http_sd_config_tls", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://localhost:9100/sd.json", + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_HTTPSD_with_TLSConfig.golden", + }, + } { + t.Run(tc.name, func(t *testing.T) { + store := assets.NewTestStoreBuilder( + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + "token": []byte("value"), + "Username": []byte("kube-admin"), + "Password": []byte("password"), + }, + }, + &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string]string{ + "client_id": "client-id", + }, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string][]byte{ + "client_secret": []byte("client-secret"), + }, + }, + ) + + scs := map[string]*monitoringv1alpha1.ScrapeConfig{ + "sc": { + ObjectMeta: metav1.ObjectMeta{ + Name: "testscrapeconfig1", + Namespace: "default", + }, + Spec: tc.scSpec, + }, + } + + p := defaultPrometheus() + p.Spec.Version = tc.version + + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, + nil, + nil, + nil, + scs, + store, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + }) + + } +} + +func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { + for _, tc := range []struct { + name string + scSpec monitoringv1alpha1.ScrapeConfigSpec + golden string + version string + }{ + { + name: "kubernetes_sd_config", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleNode, + ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), NoProxy: ptr.To("0.0.0.0"), ProxyFromEnvironment: ptr.To(true), @@ -6198,7 +6385,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Pod"), + Role: monitoringv1alpha1.KubernetesRolePod, Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ IncludeOwnNamespace: ptr.To(true), Names: []string{"ns1", "ns2"}, @@ -6213,7 +6400,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Pod"), + Role: monitoringv1alpha1.KubernetesRolePod, Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ Names: []string{"ns1", "ns2"}, }, @@ -6227,7 +6414,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Pod"), + Role: monitoringv1alpha1.KubernetesRolePod, AttachMetadata: &monitoringv1alpha1.AttachMetadata{ Node: ptr.To(true), }, @@ -6241,7 +6428,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Service"), + Role: monitoringv1alpha1.KubernetesRoleService, AttachMetadata: &monitoringv1alpha1.AttachMetadata{ Node: ptr.To(true), }, @@ -6255,25 +6442,44 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: monitoringv1alpha1.KubernetesRolePod, + Label: ptr.To("component=executor"), + }, + }, + }, + }, + }, + version: "2.18.0", + golden: "ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden", + }, + { + name: "kubernetes_sd_config_with_selectors_unsupported_version", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleNode, Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Role: "node", - Label: "type=infra", - Field: "spec.unschedulable=false", + Role: monitoringv1alpha1.KubernetesRoleNode, + Label: ptr.To("type=infra"), + Field: ptr.To("spec.unschedulable=false"), }, }, }, }, }, - golden: "ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden", + version: "2.16.0", + golden: "ScrapeConfigSpecConfig_K8SSD_with_Selectors_Unsupported_Version.golden", }, { name: "kubernetes_sd_config_basic_auth", scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, BasicAuth: &monitoringv1.BasicAuth{ Username: v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ @@ -6297,7 +6503,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, Authorization: &monitoringv1.SafeAuthorization{ Credentials: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ @@ -6315,7 +6521,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, OAuth2: &monitoringv1.OAuth2{ ClientID: monitoringv1.SecretOrConfigMap{ ConfigMap: &v1.ConfigMapKeySelector{ @@ -6347,7 +6553,7 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { scSpec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, TLSConfig: &monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ Secret: &v1.SecretKeySelector{ @@ -6422,15 +6628,11 @@ func TestScrapeConfigSpecConfigWithKubernetesSD(t *testing.T) { } p := defaultPrometheus() + p.Spec.Version = tc.version + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -6670,13 +6872,7 @@ func TestScrapeConfigSpecConfigWithConsulSD(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -6709,6 +6905,7 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { name string scSpec monitoringv1alpha1.ScrapeConfigSpec golden string + version string expectedErr bool }{ { @@ -6730,7 +6927,7 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { Key: "secretKey", }, RefreshInterval: ptr.To(monitoringv1.Duration("30s")), - Port: ptr.To(9100), + Port: ptr.To(int32(9100)), }, }, }, @@ -6744,7 +6941,7 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { Region: ptr.To("us-east-1"), RoleARN: ptr.To("arn:aws:iam::123456789:role/prometheus-role"), RefreshInterval: ptr.To(monitoringv1.Duration("30s")), - Port: ptr.To(9100), + Port: ptr.To(int32(9100)), }, }, }, @@ -6758,8 +6955,33 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { Region: ptr.To("us-east-1"), RoleARN: ptr.To("arn:aws:iam::123456789:role/prometheus-role"), RefreshInterval: ptr.To(monitoringv1.Duration("30s")), - Port: ptr.To(9100), - Filters: []*monitoringv1alpha1.EC2Filter{ + Port: ptr.To(int32(9100)), + Filters: []monitoringv1alpha1.Filter{ + { + Name: "tag:environment", + Values: []string{"prod"}, + }, + { + Name: "tag:service", + Values: []string{"web", "db"}, + }, + }, + }, + }, + }, + version: "2.3.0", + golden: "ScrapeConfigSpecConfig_EC2SDConfigFilters.golden", + }, + { + name: "ec2_sd_config_valid_with_filters_unsupported_version", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + RoleARN: ptr.To("arn:aws:iam::123456789:role/prometheus-role"), + RefreshInterval: ptr.To(monitoringv1.Duration("30s")), + Port: ptr.To(int32(9100)), + Filters: []monitoringv1alpha1.Filter{ { Name: "tag:environment", Values: []string{"prod"}, @@ -6772,7 +6994,8 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { }, }, }, - golden: "ScrapeConfigSpecConfig_EC2SDConfigFilters.golden", + version: "2.2.0", + golden: "ScrapeConfigSpecConfig_EC2SDConfigFilters_Unsupported_Version.golden", }, { name: "ec2_sd_config_invalid", @@ -6804,10 +7027,114 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { }, golden: "ScrapeConfigSpecConfig_EC2SDConfigEmpty.golden", }, - } { - t.Run(tc.name, func(t *testing.T) { - scs := map[string]*monitoringv1alpha1.ScrapeConfig{ - "sc": { + { + name: "ec2_sd_config_proxyconfig", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "proxy-header", + }, + }, + }, + }, + RefreshInterval: (*monitoringv1.Duration)(ptr.To("30s")), + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_EC2SD_withProxyConfig.golden", + }, + { + name: "ec2_sd_config_http_and_tls", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + }, + }, + }, + version: "2.41.0", + golden: "ScrapeConfigSpecConfig_EC2SD_with_TLSConfig.golden", + }, + { + name: "ec2_sd_config_http_and_tls_unsupported_version", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + }, + }, + }, + version: "2.31.0", + golden: "ScrapeConfigSpecConfig_EC2SD_with_TLSConfig_Unsupported_Version.golden", + }} { + t.Run(tc.name, func(t *testing.T) { + scs := map[string]*monitoringv1alpha1.ScrapeConfig{ + "sc": { ObjectMeta: metav1.ObjectMeta{ Name: "testscrapeconfig1", Namespace: "default", @@ -6817,15 +7144,11 @@ func TestScrapeConfigSpecConfigWithEC2SD(t *testing.T) { } p := defaultPrometheus() + p.Spec.Version = tc.version + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -6924,13 +7247,7 @@ func TestScrapeConfigSpecConfigWithAzureSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -6994,13 +7311,7 @@ func TestScrapeConfigSpecConfigWithGCESD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7101,13 +7412,7 @@ func TestScrapeConfigSpecConfigWithOpenStackSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7290,13 +7595,7 @@ func TestScrapeConfigSpecConfigWithDigitalOceanSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7315,9 +7614,10 @@ func TestScrapeConfigSpecConfigWithDigitalOceanSD(t *testing.T) { func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { for _, tc := range []struct { - name string - scSpec monitoringv1alpha1.ScrapeConfigSpec - golden string + name string + version string + scSpec monitoringv1alpha1.ScrapeConfigSpec + golden string }{ { name: "docker_sd_config_with_authorization", @@ -7353,11 +7653,13 @@ func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { Port: ptr.To(9100), RefreshInterval: ptr.To(monitoringv1.Duration("30s")), HostNetworkingHost: ptr.To("localhost"), - Filters: &[]monitoringv1alpha1.DockerFilter{ + Filters: []monitoringv1alpha1.Filter{ {Name: "dummy_label_1", Values: []string{"dummy_value_1"}}, {Name: "dummy_label_2", Values: []string{"dummy_value_2", "dummy_value_3"}}, + {Name: "a_dummy_label_1", + Values: []string{"dummy_value_2", "dummy_value_3"}}, }, TLSConfig: &monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ @@ -7416,7 +7718,7 @@ func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { "param2": "value2", }, }, - Filters: &[]monitoringv1alpha1.DockerFilter{ + Filters: []monitoringv1alpha1.Filter{ {Name: "dummy_label_1", Values: []string{"dummy_value_1"}}, {Name: "dummy_label_2", @@ -7457,7 +7759,7 @@ func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { DockerSDConfigs: []monitoringv1alpha1.DockerSDConfig{ { Host: "hostAddress", - Filters: &[]monitoringv1alpha1.DockerFilter{ + Filters: []monitoringv1alpha1.Filter{ {Name: "dummy_label_1", Values: []string{"dummy_value_1"}}, {Name: "dummy_label_2", @@ -7506,6 +7808,120 @@ func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { }, golden: "ScrapeConfigSpecConfig_DockerSD_with_BasicAuth.golden", }, + { + name: "docker_sd_config_match_first_network", + version: "v2.54.1", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DockerSDConfigs: []monitoringv1alpha1.DockerSDConfig{ + { + Host: "hostAddress", + Filters: []monitoringv1alpha1.Filter{ + {Name: "dummy_label_1", + Values: []string{"dummy_value_1"}}, + {Name: "dummy_label_2", + Values: []string{"dummy_value_2", "dummy_value_3"}}, + }, + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "username", + }, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "password", + }, + }, + MatchFirstNetwork: ptr.To(true), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork.golden", + }, + { + name: "docker_sd_config_match_first_network_with_old_verison", + version: "v2.53.0", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DockerSDConfigs: []monitoringv1alpha1.DockerSDConfig{ + { + Host: "hostAddress", + Filters: []monitoringv1alpha1.Filter{ + {Name: "dummy_label_1", + Values: []string{"dummy_value_1"}}, + {Name: "dummy_label_2", + Values: []string{"dummy_value_2", "dummy_value_3"}}, + }, + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "username", + }, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "password", + }, + }, + MatchFirstNetwork: ptr.To(true), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork_OldVersion.golden", + }, } { t.Run(tc.name, func(t *testing.T) { store := assets.NewTestStoreBuilder( @@ -7551,15 +7967,12 @@ func TestScrapeConfigSpecConfigWithDockerSDConfig(t *testing.T) { } p := defaultPrometheus() + if tc.version != "" { + p.Spec.CommonPrometheusFields.Version = tc.version + } cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7750,13 +8163,7 @@ func TestScrapeConfigSpecConfigWithLinodeSDConfig(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7965,13 +8372,7 @@ func TestScrapeConfigSpecConfigWithHetznerSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -7988,15 +8389,85 @@ func TestScrapeConfigSpecConfigWithHetznerSD(t *testing.T) { } } -func TestTracingConfig(t *testing.T) { - samplingTwo := resource.MustParse("0.5") +func TestOTLPConfig(t *testing.T) { testCases := []struct { - tracingConfig *monitoringv1.PrometheusTracingConfig - name string - expectedErr bool - golden string - }{ - { + otlpConfig *monitoringv1.OTLPConfig + name string + version string + expectedErr bool + golden string + }{ + { + name: "Config promote resource attributes", + version: "v2.55.0", + otlpConfig: &monitoringv1.OTLPConfig{ + PromoteResourceAttributes: []string{"aa", "bb", "cc"}, + }, + golden: "OTLPConfig_Config_promote_resource_attributes.golden", + expectedErr: false, + }, + { + name: "Config promote resource attributes with old version", + version: "v2.53.0", + otlpConfig: &monitoringv1.OTLPConfig{ + PromoteResourceAttributes: []string{"aa", "bb", "cc"}, + }, + expectedErr: true, + }, + { + name: "Config Empty attributes", + version: "v2.55.0", + otlpConfig: &monitoringv1.OTLPConfig{ + PromoteResourceAttributes: []string{}, + }, + expectedErr: false, + golden: "OTLPConfig_Config_empty_attributes.golden", + }, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + store := assets.NewTestStoreBuilder() + p := defaultPrometheus() + + if tc.version != "" { + p.Spec.CommonPrometheusFields.Version = tc.version + } + + p.Spec.CommonPrometheusFields.OTLP = tc.otlpConfig + + cg := mustNewConfigGenerator(t, p) + + cfg, err := cg.GenerateServerConfiguration( + p, + nil, + nil, + nil, + nil, + store, + nil, + nil, + nil, + nil, + ) + if tc.expectedErr { + require.Error(t, err) + } else { + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + } + }) + } +} + +func TestTracingConfig(t *testing.T) { + samplingTwo := resource.MustParse("0.5") + testCases := []struct { + tracingConfig *monitoringv1.PrometheusTracingConfig + name string + expectedErr bool + golden string + }{ + { name: "Config only with endpoint", tracingConfig: &monitoringv1.PrometheusTracingConfig{ Endpoint: "https://otel-collector.default.svc.local:3333", @@ -8023,6 +8494,7 @@ func TestTracingConfig(t *testing.T) { } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { + store := assets.NewTestStoreBuilder() p := defaultPrometheus() p.Spec.CommonPrometheusFields.TracingConfig = tc.tracingConfig @@ -8030,18 +8502,12 @@ func TestTracingConfig(t *testing.T) { cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, - nil, + p, nil, nil, nil, nil, + store, nil, nil, nil, @@ -8174,6 +8640,49 @@ func TestScrapeConfigSpecConfigWithKumaSD(t *testing.T) { }, }, golden: "ScrapeConfigSpecConfig_KumaSD_with_TLSConfig.golden", + }, { + name: "kuma_sd_config_tls_tlsversion", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KumaSDConfigs: []monitoringv1alpha1.KumaSDConfig{ + { + Authorization: &monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "credential", + }, + }, + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "key", + }, + MaxVersion: ptr.To(monitoringv1.TLSVersion12), + MinVersion: ptr.To(monitoringv1.TLSVersion10), + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_KumaSD_with_TLSConfig_TLSVersion.golden", }} { t.Run(tc.name, func(t *testing.T) { store := assets.NewTestStoreBuilder( @@ -8221,13 +8730,7 @@ func TestScrapeConfigSpecConfigWithKumaSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -8400,14 +8903,14 @@ func TestScrapeClass(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - prometheus := defaultPrometheus() + p := defaultPrometheus() serviceMonitor := defaultServiceMonitor() podMonitor := defaultPodMonitor() probe := defaultProbe() scrapeConfig := defaultScrapeConfig() for _, sc := range tc.scrapeClass { - prometheus.Spec.ScrapeClasses = append(prometheus.Spec.ScrapeClasses, sc) + p.Spec.ScrapeClasses = append(p.Spec.ScrapeClasses, sc) if !ptr.Deref(sc.Default, false) { serviceMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) podMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) @@ -8416,16 +8919,10 @@ func TestScrapeClass(t *testing.T) { } } - cg := mustNewConfigGenerator(t, prometheus) + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitor}, map[string]*monitoringv1.PodMonitor{"monitor": podMonitor}, map[string]*monitoringv1.Probe{"monitor": probe}, @@ -8523,11 +9020,11 @@ func TestServiceMonitorScrapeClassWithDefaultTLS(t *testing.T) { } for _, tc := range testCases { - prometheus := defaultPrometheus() + p := defaultPrometheus() serviceMonitor := defaultServiceMonitor() for _, sc := range tc.scrapeClass { - prometheus.Spec.ScrapeClasses = append(prometheus.Spec.ScrapeClasses, sc) + p.Spec.ScrapeClasses = append(p.Spec.ScrapeClasses, sc) if sc.Default == nil { serviceMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) } @@ -8535,16 +9032,10 @@ func TestServiceMonitorScrapeClassWithDefaultTLS(t *testing.T) { serviceMonitor.Spec.Endpoints[0].TLSConfig = tc.tlsConfig - cg := mustNewConfigGenerator(t, prometheus) + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitor}, nil, nil, @@ -8637,27 +9128,21 @@ func TestPodMonitorScrapeClassWithDefaultTLS(t *testing.T) { } for _, tc := range testCases { - prometheus := defaultPrometheus() + p := defaultPrometheus() podMonitor := defaultPodMonitor() for _, sc := range tc.scrapeClass { - prometheus.Spec.ScrapeClasses = append(prometheus.Spec.ScrapeClasses, sc) + p.Spec.ScrapeClasses = append(p.Spec.ScrapeClasses, sc) if sc.Default == nil { podMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) } } podMonitor.Spec.PodMetricsEndpoints[0].TLSConfig = tc.tlsConfig - cg := mustNewConfigGenerator(t, prometheus) + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{"monitor": podMonitor}, nil, @@ -8674,7 +9159,10 @@ func TestPodMonitorScrapeClassWithDefaultTLS(t *testing.T) { } func TestNewConfigGeneratorWithMultipleDefaultScrapeClass(t *testing.T) { - logger := level.NewFilter(log.NewLogfmtLogger(os.Stdout), level.AllowWarn()) + logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + Level: slog.LevelWarn, + })) + p := defaultPrometheus() p.Spec.ScrapeClasses = []monitoringv1.ScrapeClass{ { @@ -8696,7 +9184,7 @@ func TestNewConfigGeneratorWithMultipleDefaultScrapeClass(t *testing.T) { }, }, } - _, err := NewConfigGenerator(log.With(logger, "test", "NewConfigGeneratorWithMultipleDefaultScrapeClass"), p, false) + _, err := NewConfigGenerator(logger.With("test", "NewConfigGeneratorWithMultipleDefaultScrapeClass"), p) require.Error(t, err) require.Equal(t, "failed to parse scrape classes: multiple default scrape classes defined", err.Error()) } @@ -8936,13 +9424,7 @@ func TestScrapeConfigSpecConfigWithEurekaSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9125,13 +9607,7 @@ func TestScrapeConfigSpecConfigWithNomadSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9187,7 +9663,7 @@ func TestScrapeConfigSpecConfigWithDockerswarmSD(t *testing.T) { FollowRedirects: ptr.To(true), EnableHTTP2: ptr.To(true), RefreshInterval: (*monitoringv1.Duration)(ptr.To("30s")), - Filters: []monitoringv1alpha1.DockerSwarmFilter{ + Filters: []monitoringv1alpha1.Filter{ { Name: "foo", Values: []string{"bar"}, @@ -9366,13 +9842,7 @@ func TestScrapeConfigSpecConfigWithDockerswarmSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9601,13 +10071,7 @@ func TestScrapeConfigSpecConfigWithPuppetDBSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9889,13 +10353,7 @@ func TestScrapeConfigSpecConfigWithLightSailSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9973,13 +10431,7 @@ func TestScrapeConfigSpecConfigWithOVHCloudSD(t *testing.T) { p := defaultPrometheus() cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - nil, - nil, - p.Spec.TSDB, - nil, - nil, + p, nil, nil, nil, @@ -9996,49 +10448,347 @@ func TestScrapeConfigSpecConfigWithOVHCloudSD(t *testing.T) { } } -func TestServiceMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { - prometheus := defaultPrometheus() - serviceMonitor := defaultServiceMonitor() - scrapeClasses := []monitoringv1.ScrapeClass{ +func TestScrapeConfigSpecConfigWithScalewaySD(t *testing.T) { + for _, tc := range []struct { + name string + scSpec monitoringv1alpha1.ScrapeConfigSpec + golden string + }{ { - Name: "default", - Default: ptr.To(true), - Relabelings: []monitoringv1.RelabelConfig{ - { - Action: "replace", - SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_pod_app_name"}, - TargetLabel: "app", + name: "scaleway_sd_config", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScalewaySDConfigs: []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "AccessKey", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "credential", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + Zone: ptr.To("beijing-1"), + Port: ptr.To(int32(23456)), + ApiURL: ptr.To("https://api.scaleway.com/"), + NameFilter: ptr.To("name"), + TagsFilter: []string{"aa", "bb"}, + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "proxy-header", + }, + }, + }, + }, + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + RefreshInterval: (*monitoringv1.Duration)(ptr.To("30s")), + }, }, }, - }, - { - Name: "not-default", - Relabelings: []monitoringv1.RelabelConfig{ - { - Action: "replace", - SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_pod_node_name"}, - TargetLabel: "node", + golden: "ScrapeConfigSpecConfig_ScaleWaySD.golden", + }, { + name: "scaleway_sd_config_tls", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScalewaySDConfigs: []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "AccessKey", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "credential", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + }, }, }, - }, - } - - prometheus.Spec.ScrapeClasses = scrapeClasses - cg := mustNewConfigGenerator(t, prometheus) + golden: "ScrapeConfigSpecConfig_ScaleWaySD_with_TLSConfig.golden", + }} { + t.Run(tc.name, func(t *testing.T) { + store := assets.NewTestStoreBuilder( + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + "token": []byte("value"), + "credential": []byte("value"), + }, + }, + &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string]string{ + "client_id": "client-id", + }, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string][]byte{ + "client_secret": []byte("client-secret"), + }, + }, + ) - cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, - map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitor}, - nil, - nil, - nil, - &assets.StoreBuilder{}, + scs := map[string]*monitoringv1alpha1.ScrapeConfig{ + "sc": { + ObjectMeta: metav1.ObjectMeta{ + Name: "testscrapeconfig1", + Namespace: "default", + }, + Spec: tc.scSpec, + }, + } + + p := defaultPrometheus() + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, + nil, + nil, + nil, + scs, + store, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + }) + } +} + +func TestScrapeConfigSpecConfigWithIonosSD(t *testing.T) { + for _, tc := range []struct { + name string + scSpec monitoringv1alpha1.ScrapeConfigSpec + golden string + }{ + { + name: "ionos_sd_config", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + Authorization: monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "credential", + }, + }, + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "proxy-header", + }, + }, + }, + }, + FollowRedirects: ptr.To(true), + EnableHTTP2: ptr.To(true), + Port: ptr.To(int32(9100)), + RefreshInterval: (*monitoringv1.Duration)(ptr.To("30s")), + }, + }, + }, + golden: "ScrapeConfigSpecConfig_IonosSD.golden", + }, + { + name: "ionos_sd_config_tls", + scSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + Authorization: monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "credential", + }, + }, + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + }, + }, + }, + }, + golden: "ScrapeConfigSpecConfig_IonosSD_withTLSConfig.golden", + }, + } { + t.Run(tc.name, func(t *testing.T) { + store := assets.NewTestStoreBuilder( + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "proxy-header": []byte("value"), + "token": []byte("value"), + "credential": []byte("value"), + }, + }, + &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string]string{ + "client_id": "client-id", + }, + }, + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "oauth2", + Namespace: "default", + }, + Data: map[string][]byte{ + "client_secret": []byte("client-secret"), + }, + }, + ) + + scs := map[string]*monitoringv1alpha1.ScrapeConfig{ + "sc": { + ObjectMeta: metav1.ObjectMeta{ + Name: "testscrapeconfig1", + Namespace: "default", + }, + Spec: tc.scSpec, + }, + } + + p := defaultPrometheus() + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, + nil, + nil, + nil, + scs, + store, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + }) + } +} + +func TestServiceMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { + p := defaultPrometheus() + serviceMonitor := defaultServiceMonitor() + scrapeClasses := []monitoringv1.ScrapeClass{ + { + Name: "default", + Default: ptr.To(true), + Relabelings: []monitoringv1.RelabelConfig{ + { + Action: "replace", + SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_pod_app_name"}, + TargetLabel: "app", + }, + }, + }, + { + Name: "not-default", + Relabelings: []monitoringv1.RelabelConfig{ + { + Action: "replace", + SourceLabels: []monitoringv1.LabelName{"__meta_kubernetes_pod_node_name"}, + TargetLabel: "node", + }, + }, + }, + } + + p.Spec.ScrapeClasses = scrapeClasses + cg := mustNewConfigGenerator(t, p) + + cfg, err := cg.GenerateServerConfiguration( + p, + map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitor}, + nil, + nil, + nil, + &assets.StoreBuilder{}, nil, nil, nil, @@ -10049,7 +10799,7 @@ func TestServiceMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { } func TestServiceMonitorWithNonDefaultScrapeClassRelabelings(t *testing.T) { - prometheus := defaultPrometheus() + p := defaultPrometheus() serviceMonitor := defaultServiceMonitor() sc := monitoringv1.ScrapeClass{ Name: "test-extra-relabelings-scrape-class", @@ -10062,18 +10812,12 @@ func TestServiceMonitorWithNonDefaultScrapeClassRelabelings(t *testing.T) { }, } - prometheus.Spec.ScrapeClasses = append(prometheus.Spec.ScrapeClasses, sc) + p.Spec.ScrapeClasses = append(p.Spec.ScrapeClasses, sc) serviceMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) - cg := mustNewConfigGenerator(t, prometheus) + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitor}, nil, nil, @@ -10089,7 +10833,7 @@ func TestServiceMonitorWithNonDefaultScrapeClassRelabelings(t *testing.T) { } func TestPodMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { - prometheus := defaultPrometheus() + p := defaultPrometheus() podMonitor := defaultPodMonitor() scrapeClasses := []monitoringv1.ScrapeClass{ { @@ -10115,17 +10859,11 @@ func TestPodMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { }, } - prometheus.Spec.ScrapeClasses = scrapeClasses - cg := mustNewConfigGenerator(t, prometheus) + p.Spec.ScrapeClasses = scrapeClasses + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{"monitor": podMonitor}, nil, @@ -10141,7 +10879,7 @@ func TestPodMonitorWithDefaultScrapeClassRelabelings(t *testing.T) { } func TestPodMonitorWithNonDefaultScrapeClassRelabelings(t *testing.T) { - prometheus := defaultPrometheus() + p := defaultPrometheus() podMonitor := defaultPodMonitor() sc := monitoringv1.ScrapeClass{ Name: "test-extra-relabelings-scrape-class", @@ -10154,18 +10892,12 @@ func TestPodMonitorWithNonDefaultScrapeClassRelabelings(t *testing.T) { }, } - prometheus.Spec.ScrapeClasses = append(prometheus.Spec.ScrapeClasses, sc) + p.Spec.ScrapeClasses = append(p.Spec.ScrapeClasses, sc) podMonitor.Spec.ScrapeClassName = ptr.To(sc.Name) - cg := mustNewConfigGenerator(t, prometheus) + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, nil, map[string]*monitoringv1.PodMonitor{"monitor": podMonitor}, nil, @@ -10296,20 +11028,104 @@ func TestScrapeClassMetricRelabelings(t *testing.T) { }, } { t.Run(tc.name, func(t *testing.T) { - prometheus := defaultPrometheus() - prometheus.Spec.CommonPrometheusFields.EnforcedNamespaceLabel = "namespace" + p := defaultPrometheus() + p.Spec.CommonPrometheusFields.EnforcedNamespaceLabel = "namespace" + + p.Spec.ScrapeClasses = tc.scrapeClasses + cg := mustNewConfigGenerator(t, p) + + cfg, err := cg.GenerateServerConfiguration( + p, + tc.serviceMonitors, + tc.podMonitors, + tc.probes, + tc.scrapeConfigs, + &assets.StoreBuilder{}, + nil, + nil, + nil, + nil, + ) + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.goldenFile) + }) + } +} + +func TestScrapeClassAttachMetadata(t *testing.T) { + serviceMonitorWithNonDefaultScrapeClass := defaultServiceMonitor() + serviceMonitorWithNonDefaultScrapeClass.Spec.ScrapeClassName = ptr.To("test-attachmetadata-scrape-class") + podMonitorWithNonDefaultScrapeClass := defaultPodMonitor() + podMonitorWithNonDefaultScrapeClass.Spec.ScrapeClassName = ptr.To("test-attachmetadata-scrape-class") + for _, tc := range []struct { + name string + scrapeClasses []monitoringv1.ScrapeClass + serviceMonitors map[string]*monitoringv1.ServiceMonitor + podMonitors map[string]*monitoringv1.PodMonitor + probes map[string]*monitoringv1.Probe + scrapeConfigs map[string]*monitoringv1alpha1.ScrapeConfig + goldenFile string + }{ + { + name: "ServiceMonitor with default ScrapeClass AttachMetadata", + scrapeClasses: []monitoringv1.ScrapeClass{ + { + Name: "default", + Default: ptr.To(true), + AttachMetadata: &monitoringv1.AttachMetadata{Node: ptr.To(true)}, + }, + }, + serviceMonitors: map[string]*monitoringv1.ServiceMonitor{"monitor": defaultServiceMonitor()}, + goldenFile: "serviceMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden", + }, + { + name: "ServiceMonitor with non-default ScrapeClass AttachMetadata", + scrapeClasses: []monitoringv1.ScrapeClass{ + { + Name: "test-attachmetadata-scrape-class", + AttachMetadata: &monitoringv1.AttachMetadata{Node: ptr.To(true)}, + }, + }, + serviceMonitors: map[string]*monitoringv1.ServiceMonitor{"monitor": serviceMonitorWithNonDefaultScrapeClass}, + goldenFile: "serviceMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden", + }, + { + name: "PodMonitor with default ScrapeClass AttachMetadata", + scrapeClasses: []monitoringv1.ScrapeClass{ + { + Name: "default", + Default: ptr.To(true), + AttachMetadata: &monitoringv1.AttachMetadata{Node: ptr.To(true)}, + }, + { + Name: "not-default", + AttachMetadata: &monitoringv1.AttachMetadata{Node: ptr.To(true)}, + }, + }, + podMonitors: map[string]*monitoringv1.PodMonitor{"monitor": defaultPodMonitor()}, + goldenFile: "podMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden", + }, + { + name: "PodMonitor with non-default ScrapeClass AttachMetadata", + scrapeClasses: []monitoringv1.ScrapeClass{ + { + Name: "test-attachmetadata-scrape-class", + AttachMetadata: &monitoringv1.AttachMetadata{Node: ptr.To(true)}, + }, + }, + podMonitors: map[string]*monitoringv1.PodMonitor{"monitor": podMonitorWithNonDefaultScrapeClass}, + goldenFile: "podMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden", + }, + } { + t.Run(tc.name, func(t *testing.T) { + p := defaultPrometheus() + p.Spec.CommonPrometheusFields.EnforcedNamespaceLabel = "namespace" - prometheus.Spec.ScrapeClasses = tc.scrapeClasses - cg := mustNewConfigGenerator(t, prometheus) + p.Spec.ScrapeClasses = tc.scrapeClasses + cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - prometheus.Spec.EvaluationInterval, - prometheus.Spec.QueryLogFile, - prometheus.Spec.RuleSelector, - prometheus.Spec.Exemplars, - prometheus.Spec.TSDB, - prometheus.Spec.Alerting, - prometheus.Spec.RemoteRead, + p, tc.serviceMonitors, tc.podMonitors, tc.probes, @@ -10320,6 +11136,7 @@ func TestScrapeClassMetricRelabelings(t *testing.T) { nil, nil, ) + require.NoError(t, err) golden.Assert(t, string(cfg), tc.goldenFile) }) @@ -10329,6 +11146,7 @@ func TestScrapeClassMetricRelabelings(t *testing.T) { func TestGenerateAlertmanagerConfig(t *testing.T) { for _, tc := range []struct { alerting *monitoringv1.AlertingSpec + sdRole *monitoringv1.ServiceDiscoveryRole golden string }{ { @@ -10340,7 +11158,8 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "foo", - Namespace: "other", + Namespace: ptr.To("other"), + Port: intstr.FromString("web"), }, }, }, @@ -10351,7 +11170,8 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "foo", - Namespace: "default", + Namespace: ptr.To("default"), + Port: intstr.FromString("web"), TLSConfig: &monitoringv1.TLSConfig{ SafeTLSConfig: monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ @@ -10388,7 +11208,8 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { Name: "foo", - Namespace: "other", + Namespace: ptr.To("other"), + Port: intstr.FromString("web"), TLSConfig: &monitoringv1.TLSConfig{ SafeTLSConfig: monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ @@ -10420,6 +11241,19 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { }, golden: "AlertmanagerConfigTLSconfigOtherNamespace.golden", }, + { + alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "foo", + Namespace: ptr.To("default"), + Port: intstr.FromString("web"), + }, + }, + }, + sdRole: ptr.To(monitoringv1.EndpointSliceRole), + golden: "AlertmanagerConfigEndpointSlice.golden", + }, } { t.Run("", func(t *testing.T) { p := &monitoringv1.Prometheus{ @@ -10429,18 +11263,15 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { }, Spec: monitoringv1.PrometheusSpec{ Alerting: tc.alerting, + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + ServiceDiscoveryRole: tc.sdRole, + }, }, } cg := mustNewConfigGenerator(t, p) cfg, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, map[string]*monitoringv1.ServiceMonitor{}, nil, nil, @@ -10457,3 +11288,209 @@ func TestGenerateAlertmanagerConfig(t *testing.T) { }) } } + +func TestAlertmanagerTLSConfig(t *testing.T) { + for _, tc := range []struct { + name string + version string + alerting *monitoringv1.AlertingSpec + golden string + }{ + { + name: "Valid Prom Version with TLSConfig", + version: "2.26.0", + alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "foo", + Namespace: ptr.To("other"), + TLSConfig: &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + MaxVersion: ptr.To(monitoringv1.TLSVersion12), + MinVersion: ptr.To(monitoringv1.TLSVersion10), + }, + }, + }, + }, + }, + golden: "AlertmanagerTLSConfig_Valid_Prom_TLSConfig.golden", + }, + { + name: "Invalid Prom Version with TLSConfig MinVersion", + version: "2.36.0", + alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "foo", + Namespace: ptr.To("other"), + TLSConfig: &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + MinVersion: ptr.To(monitoringv1.TLSVersion10), + }, + }, + }, + }, + }, + golden: "AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MinVersion.golden", + }, + { + name: "Invalid Prom Version with TLSConfig MaxVersion", + version: "2.41.0", + alerting: &monitoringv1.AlertingSpec{ + + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "foo", + Namespace: ptr.To("other"), + TLSConfig: &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + MaxVersion: ptr.To(monitoringv1.TLSVersion12), + }, + }, + }, + }, + }, + golden: "AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion.golden", + }, + { + name: "Invalid Prom Version with TLSConfig MaxVersion and MinVersion", + version: "2.51.0", + alerting: &monitoringv1.AlertingSpec{ + + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "foo", + Namespace: ptr.To("other"), + TLSConfig: &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "tls", + }, + Key: "private-key", + }, + MaxVersion: ptr.To(monitoringv1.TLSVersion12), + MinVersion: ptr.To(monitoringv1.TLSVersion10), + }, + }, + }, + }, + }, + golden: "AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion_MinVersion.golden", + }, + } { + + p := &monitoringv1.Prometheus{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + }, + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: tc.version, + }, + Alerting: tc.alerting, + }, + } + + cg := mustNewConfigGenerator(t, p) + cfg, err := cg.GenerateServerConfiguration( + p, + map[string]*monitoringv1.ServiceMonitor{}, + nil, + nil, + nil, + assets.NewTestStoreBuilder(), + nil, + nil, + nil, + nil, + ) + + require.NoError(t, err) + golden.Assert(t, string(cfg), tc.golden) + + } +} diff --git a/pkg/prometheus/resource_selector.go b/pkg/prometheus/resource_selector.go index 024c6a5d3e9..c23e808011f 100644 --- a/pkg/prometheus/resource_selector.go +++ b/pkg/prometheus/resource_selector.go @@ -18,14 +18,13 @@ import ( "context" "errors" "fmt" + "log/slog" "net/url" "regexp" "strings" "github.com/asaskevich/govalidator" "github.com/blang/semver/v4" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/common/model" "github.com/prometheus/prometheus/model/relabel" v1 "k8s.io/api/core/v1" @@ -44,8 +43,9 @@ import ( ) type ResourceSelector struct { - l log.Logger + l *slog.Logger p monitoringv1.PrometheusInterface + version semver.Version store *assets.StoreBuilder namespaceInformers cache.SharedIndexInformer metrics *operator.Metrics @@ -56,16 +56,23 @@ type ResourceSelector struct { type ListAllByNamespaceFn func(namespace string, selector labels.Selector, appendFn cache.AppendFunc) error -func NewResourceSelector(l log.Logger, p monitoringv1.PrometheusInterface, store *assets.StoreBuilder, namespaceInformers cache.SharedIndexInformer, metrics *operator.Metrics, eventRecorder record.EventRecorder) *ResourceSelector { +func NewResourceSelector(l *slog.Logger, p monitoringv1.PrometheusInterface, store *assets.StoreBuilder, namespaceInformers cache.SharedIndexInformer, metrics *operator.Metrics, eventRecorder record.EventRecorder) (*ResourceSelector, error) { + promVersion := operator.StringValOrDefault(p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) + version, err := semver.ParseTolerant(promVersion) + if err != nil { + return nil, fmt.Errorf("failed to parse Prometheus version: %w", err) + } + return &ResourceSelector{ l: l, p: p, + version: version, store: store, namespaceInformers: namespaceInformers, metrics: metrics, eventRecorder: eventRecorder, accessor: operator.NewAccessor(l), - } + }, nil } // SelectServiceMonitors selects ServiceMonitors based on the selectors in the Prometheus CR and filters them @@ -98,7 +105,7 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li } } - level.Debug(rs.l).Log("msg", "filtering namespaces to select ServiceMonitors from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("filtering namespaces to select ServiceMonitors from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) for _, ns := range namespaces { err := listFn(ns, servMonSelector, func(obj interface{}) { @@ -106,7 +113,7 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li if ok { svcMon := obj.(*monitoringv1.ServiceMonitor).DeepCopy() if err := k8sutil.AddTypeInformationToObject(svcMon); err != nil { - level.Error(rs.l).Log("msg", "failed to set ServiceMonitor type information", "namespace", ns, "err", err) + rs.l.Error("failed to set ServiceMonitor type information", "namespace", ns, "err", err) return } serviceMonitors[k] = svcMon @@ -123,8 +130,7 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li var err error rejectFn := func(sm *monitoringv1.ServiceMonitor, err error) { rejected++ - level.Warn(rs.l).Log( - "msg", "skipping servicemonitor", + rs.l.Warn("skipping servicemonitor", "error", err.Error(), "servicemonitor", namespaceAndName, "namespace", objMeta.GetNamespace(), @@ -176,12 +182,12 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li break } - if err = ValidateRelabelConfigs(rs.p, endpoint.RelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(endpoint.RelabelConfigs); err != nil { rejectFn(sm, fmt.Errorf("relabelConfigs: %w", err)) break } - if err = ValidateRelabelConfigs(rs.p, endpoint.MetricRelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(endpoint.MetricRelabelConfigs); err != nil { rejectFn(sm, fmt.Errorf("metricRelabelConfigs: %w", err)) break } @@ -208,7 +214,7 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li for k := range res { smKeys = append(smKeys, k) } - level.Debug(rs.l).Log("msg", "selected ServiceMonitors", "servicemonitors", strings.Join(smKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("selected ServiceMonitors", "servicemonitors", strings.Join(smKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) if pKey, ok := rs.accessor.MetaNamespaceKey(rs.p); ok { rs.metrics.SetSelectedResources(pKey, monitoringv1.ServiceMonitorsKind, len(res)) @@ -218,6 +224,11 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li return res, nil } +func (rs *ResourceSelector) ValidateRelabelConfigs(rcs []monitoringv1.RelabelConfig) error { + lcv := &LabelConfigValidator{v: rs.version} + return lcv.Validate(rcs) +} + func testForArbitraryFSAccess(e monitoringv1.Endpoint) error { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if e.BearerTokenFile != "" { @@ -246,9 +257,25 @@ func validateScrapeIntervalAndTimeout(p monitoringv1.PrometheusInterface, scrape return CompareScrapeTimeoutToScrapeInterval(scrapeTimeout, scrapeInterval) } -func ValidateRelabelConfigs(p monitoringv1.PrometheusInterface, rcs []monitoringv1.RelabelConfig) error { +type LabelConfigValidator struct { + v semver.Version +} + +func NewLabelConfigValidator(p monitoringv1.PrometheusInterface) (*LabelConfigValidator, error) { + promVersion := operator.StringValOrDefault(p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) + v, err := semver.ParseTolerant(promVersion) + if err != nil { + return nil, fmt.Errorf("failed to parse Prometheus version: %w", err) + } + + return &LabelConfigValidator{ + v: v, + }, nil +} + +func (lcv *LabelConfigValidator) Validate(rcs []monitoringv1.RelabelConfig) error { for i, rc := range rcs { - if err := validateRelabelConfig(p, rc); err != nil { + if err := lcv.validate(rc); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } @@ -256,17 +283,11 @@ func ValidateRelabelConfigs(p monitoringv1.PrometheusInterface, rcs []monitoring return nil } -func validateRelabelConfig(p monitoringv1.PrometheusInterface, rc monitoringv1.RelabelConfig) error { +func (lcv *LabelConfigValidator) validate(rc monitoringv1.RelabelConfig) error { relabelTarget := regexp.MustCompile(`^(?:(?:[a-zA-Z_]|\$(?:\{\w+\}|\w+))+\w*)+$`) - promVersion := operator.StringValOrDefault(p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - minimumVersionCaseActions := version.GTE(semver.MustParse("2.36.0")) - minimumVersionEqualActions := version.GTE(semver.MustParse("2.41.0")) + minimumVersionCaseActions := lcv.v.GTE(semver.MustParse("2.36.0")) + minimumVersionEqualActions := lcv.v.GTE(semver.MustParse("2.41.0")) if rc.Action == "" { rc.Action = string(relabel.Replace) } @@ -381,7 +402,7 @@ func (rs *ResourceSelector) SelectPodMonitors(ctx context.Context, listFn ListAl } } - level.Debug(rs.l).Log("msg", "filtering namespaces to select PodMonitors from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("filtering namespaces to select PodMonitors from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) for _, ns := range namespaces { err := listFn(ns, podMonSelector, func(obj interface{}) { @@ -389,7 +410,7 @@ func (rs *ResourceSelector) SelectPodMonitors(ctx context.Context, listFn ListAl if ok { podMon := obj.(*monitoringv1.PodMonitor).DeepCopy() if err := k8sutil.AddTypeInformationToObject(podMon); err != nil { - level.Error(rs.l).Log("msg", "failed to set PodMonitor type information", "namespace", ns, "err", err) + rs.l.Error("failed to set PodMonitor type information", "namespace", ns, "err", err) return } podMonitors[k] = podMon @@ -406,8 +427,7 @@ func (rs *ResourceSelector) SelectPodMonitors(ctx context.Context, listFn ListAl var err error rejectFn := func(pm *monitoringv1.PodMonitor, err error) { rejected++ - level.Warn(rs.l).Log( - "msg", "skipping podmonitor", + rs.l.Warn("skipping podmonitor", "error", err.Error(), "podmonitor", namespaceAndName, "namespace", objMeta.GetNamespace(), @@ -452,12 +472,12 @@ func (rs *ResourceSelector) SelectPodMonitors(ctx context.Context, listFn ListAl break } - if err = ValidateRelabelConfigs(rs.p, endpoint.RelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(endpoint.RelabelConfigs); err != nil { rejectFn(pm, fmt.Errorf("relabelConfigs: %w", err)) break } - if err = ValidateRelabelConfigs(rs.p, endpoint.MetricRelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(endpoint.MetricRelabelConfigs); err != nil { rejectFn(pm, fmt.Errorf("metricRelabelConfigs: %w", err)) break } @@ -484,7 +504,7 @@ func (rs *ResourceSelector) SelectPodMonitors(ctx context.Context, listFn ListAl for k := range res { pmKeys = append(pmKeys, k) } - level.Debug(rs.l).Log("msg", "selected PodMonitors", "podmonitors", strings.Join(pmKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("selected PodMonitors", "podmonitors", strings.Join(pmKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) if pKey, ok := rs.accessor.MetaNamespaceKey(rs.p); ok { rs.metrics.SetSelectedResources(pKey, monitoringv1.PodMonitorsKind, len(res)) @@ -524,14 +544,14 @@ func (rs *ResourceSelector) SelectProbes(ctx context.Context, listFn ListAllByNa } } - level.Debug(rs.l).Log("msg", "filtering namespaces to select Probes from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("filtering namespaces to select Probes from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) for _, ns := range namespaces { err := listFn(ns, bMonSelector, func(obj interface{}) { if k, ok := rs.accessor.MetaNamespaceKey(obj); ok { probe := obj.(*monitoringv1.Probe).DeepCopy() if err := k8sutil.AddTypeInformationToObject(probe); err != nil { - level.Error(rs.l).Log("msg", "failed to set Probe type information", "namespace", ns, "err", err) + rs.l.Error("failed to set Probe type information", "namespace", ns, "err", err) return } probes[k] = probe @@ -548,8 +568,7 @@ func (rs *ResourceSelector) SelectProbes(ctx context.Context, listFn ListAllByNa for probeName, probe := range probes { rejectFn := func(probe *monitoringv1.Probe, err error) { rejected++ - level.Warn(rs.l).Log( - "msg", "skipping probe", + rs.l.Warn("skipping probe", "error", err.Error(), "probe", probeName, "namespace", objMeta.GetNamespace(), @@ -602,14 +621,14 @@ func (rs *ResourceSelector) SelectProbes(ctx context.Context, listFn ListAllByNa continue } - if err = ValidateRelabelConfigs(rs.p, probe.Spec.MetricRelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(probe.Spec.MetricRelabelConfigs); err != nil { err = fmt.Errorf("metricRelabelConfigs: %w", err) rejectFn(probe, err) continue } if probe.Spec.Targets.StaticConfig != nil { - if err = ValidateRelabelConfigs(rs.p, probe.Spec.Targets.StaticConfig.RelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(probe.Spec.Targets.StaticConfig.RelabelConfigs); err != nil { err = fmt.Errorf("targets.staticConfig.relabelConfigs: %w", err) rejectFn(probe, err) continue @@ -617,7 +636,7 @@ func (rs *ResourceSelector) SelectProbes(ctx context.Context, listFn ListAllByNa } if probe.Spec.Targets.Ingress != nil { - if err = ValidateRelabelConfigs(rs.p, probe.Spec.Targets.Ingress.RelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(probe.Spec.Targets.Ingress.RelabelConfigs); err != nil { err = fmt.Errorf("targets.ingress.relabelConfigs: %w", err) rejectFn(probe, err) continue @@ -642,7 +661,7 @@ func (rs *ResourceSelector) SelectProbes(ctx context.Context, listFn ListAllByNa for k := range res { probeKeys = append(probeKeys, k) } - level.Debug(rs.l).Log("msg", "selected Probes", "probes", strings.Join(probeKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("selected Probes", "probes", strings.Join(probeKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) if pKey, ok := rs.accessor.MetaNamespaceKey(rs.p); ok { rs.metrics.SetSelectedResources(pKey, monitoringv1.ProbesKind, len(res)) @@ -674,6 +693,7 @@ func validateProberURL(url string) error { return fmt.Errorf("invalid port: %q", hostPort[1]) } } + return nil } @@ -686,6 +706,7 @@ func validateServer(server string) error { if len(parsedURL.Scheme) == 0 || len(parsedURL.Host) == 0 { return fmt.Errorf("must not be empty and have a scheme: %s", server) } + return nil } @@ -719,14 +740,14 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List } } - level.Debug(rs.l).Log("msg", "filtering namespaces to select ScrapeConfigs from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("filtering namespaces to select ScrapeConfigs from", "namespaces", strings.Join(namespaces, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) for _, ns := range namespaces { err := listFn(ns, sConSelector, func(obj interface{}) { if k, ok := rs.accessor.MetaNamespaceKey(obj); ok { scrapeConfig := obj.(*monitoringv1alpha1.ScrapeConfig).DeepCopy() if err := k8sutil.AddTypeInformationToObject(scrapeConfig); err != nil { - level.Error(rs.l).Log("msg", "failed to set ScrapeConfig type information", "namespace", ns, "err", err) + rs.l.Error("failed to set ScrapeConfig type information", "namespace", ns, "err", err) return } scrapeConfigs[k] = scrapeConfig @@ -743,8 +764,7 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List for scName, sc := range scrapeConfigs { rejectFn := func(sc *monitoringv1alpha1.ScrapeConfig, err error) { rejected++ - level.Warn(rs.l).Log( - "msg", "skipping scrapeconfig", + rs.l.Warn("skipping scrapeconfig", "error", err.Error(), "scrapeconfig", scName, "namespace", objMeta.GetNamespace(), @@ -758,7 +778,7 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List continue } - if err = ValidateRelabelConfigs(rs.p, sc.Spec.RelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(sc.Spec.RelabelConfigs); err != nil { rejectFn(sc, fmt.Errorf("relabelConfigs: %w", err)) continue } @@ -773,6 +793,11 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List continue } + if err = rs.store.AddOAuth2(ctx, sc.GetNamespace(), sc.Spec.OAuth2); err != nil { + rejectFn(sc, err) + continue + } + if err = rs.store.AddSafeTLSConfig(ctx, sc.GetNamespace(), sc.Spec.TLSConfig); err != nil { rejectFn(sc, err) continue @@ -792,16 +817,23 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List continue } - if err = validateProxyConfig(ctx, sc.Spec.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err = addProxyConfigToStore(ctx, sc.Spec.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { rejectFn(sc, err) continue } - if err = ValidateRelabelConfigs(rs.p, sc.Spec.MetricRelabelConfigs); err != nil { + if err = rs.ValidateRelabelConfigs(sc.Spec.MetricRelabelConfigs); err != nil { rejectFn(sc, fmt.Errorf("metricRelabelConfigs: %w", err)) continue } + // The Kubernetes API can't do the validation (for now) because kubebuilder validation markers don't work on map keys with custom type. + // https://github.com/prometheus-operator/prometheus-operator/issues/6889 + if err = rs.validateStaticConfig(sc); err != nil { + rejectFn(sc, fmt.Errorf("staticConfigs: %w", err)) + continue + } + if err = rs.validateHTTPSDConfigs(ctx, sc); err != nil { rejectFn(sc, fmt.Errorf("httpSDConfigs: %w", err)) continue @@ -892,6 +924,16 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List continue } + if err = rs.validateScalewaySDConfigs(ctx, sc); err != nil { + rejectFn(sc, fmt.Errorf("ScalewaySDConfigs: %w", err)) + continue + } + + if err = rs.validateIonosSDConfigs(ctx, sc); err != nil { + rejectFn(sc, fmt.Errorf("IonosSDConfigs: %w", err)) + continue + } + res[scName] = sc } @@ -899,7 +941,7 @@ func (rs *ResourceSelector) SelectScrapeConfigs(ctx context.Context, listFn List for k := range res { scrapeConfigKeys = append(scrapeConfigKeys, k) } - level.Debug(rs.l).Log("msg", "selected ScrapeConfigs", "scrapeConfig", strings.Join(scrapeConfigKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) + rs.l.Debug("selected ScrapeConfigs", "scrapeConfig", strings.Join(scrapeConfigKeys, ","), "namespace", objMeta.GetNamespace(), "prometheus", objMeta.GetName()) if sKey, ok := rs.accessor.MetaNamespaceKey(rs.p); ok { rs.metrics.SetSelectedResources(sKey, monitoringv1alpha1.ScrapeConfigsKind, len(res)) @@ -927,7 +969,7 @@ func (rs *ResourceSelector) validateKubernetesSDConfigs(ctx context.Context, sc return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } @@ -966,15 +1008,20 @@ func (rs *ResourceSelector) validateKubernetesSDConfigs(ctx context.Context, sc } for _, s := range config.Selectors { - if _, err := fields.ParseSelector(s.Field); err != nil { - return fmt.Errorf("[%d]: %w", i, err) + if s.Field != nil { + if _, err := fields.ParseSelector(*s.Field); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } } - if _, err := labels.Parse(s.Label); err != nil { - return fmt.Errorf("[%d]: %w", i, err) + if s.Label != nil { + if _, err := labels.Parse(*s.Label); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } } } } + return nil } @@ -998,15 +1045,24 @@ func (rs *ResourceSelector) validateConsulSDConfigs(ctx context.Context, sc *mon } } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } func (rs *ResourceSelector) validateHTTPSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { + if rs.version.LT(semver.MustParse("2.28.0")) { + return fmt.Errorf("HTTP SD configuration is only supported for Prometheus version >= 2.28.0") + } + for i, config := range sc.Spec.HTTPSDConfigs { + if _, err := url.Parse(config.URL); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + if err := rs.store.AddBasicAuth(ctx, sc.GetNamespace(), config.BasicAuth); err != nil { return fmt.Errorf("[%d]: %w", i, err) } @@ -1015,11 +1071,15 @@ func (rs *ResourceSelector) validateHTTPSDConfigs(ctx context.Context, sc *monit return fmt.Errorf("[%d]: %w", i, err) } + if err := rs.store.AddOAuth2(ctx, sc.GetNamespace(), config.OAuth2); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + if err := rs.store.AddSafeTLSConfig(ctx, sc.GetNamespace(), config.TLSConfig); err != nil { return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } @@ -1035,6 +1095,7 @@ func (rs *ResourceSelector) validateDNSSDConfigs(sc *monitoringv1alpha1.ScrapeCo } } } + return nil } @@ -1051,20 +1112,23 @@ func (rs *ResourceSelector) validateEC2SDConfigs(ctx context.Context, sc *monito return fmt.Errorf("[%d]: %w", i, err) } } + + if err := rs.store.AddSafeTLSConfig(ctx, sc.GetNamespace(), config.TLSConfig); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } } + return nil } func (rs *ResourceSelector) validateAzureSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - for i, config := range sc.Spec.AzureSDConfigs { authMethod := ptr.Deref(config.AuthenticationMethod, "") - if authMethod == "SDK" && !version.GTE(semver.MustParse("2.52.0")) { + if authMethod == "SDK" && rs.version.LT(semver.MustParse("2.52.0")) { return fmt.Errorf("[%d]: SDK authentication is only supported from Prometheus version 2.52.0", i) } @@ -1089,6 +1153,7 @@ func (rs *ResourceSelector) validateAzureSDConfigs(ctx context.Context, sc *moni return fmt.Errorf("[%d]: %w", i, err) } } + return nil } @@ -1123,7 +1188,7 @@ func (rs *ResourceSelector) validateDigitalOceanSDConfigs(ctx context.Context, s return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } @@ -1154,7 +1219,7 @@ func (rs *ResourceSelector) validateDockerSDConfigs(ctx context.Context, sc *mon return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } @@ -1162,13 +1227,7 @@ func (rs *ResourceSelector) validateDockerSDConfigs(ctx context.Context, sc *mon return nil } func (rs *ResourceSelector) validateLinodeSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - - if !version.GTE(semver.MustParse("2.28.0")) { + if !rs.version.GTE(semver.MustParse("2.28.0")) { return fmt.Errorf("linode SD configuration is only supported for Prometheus version >= 2.28.0") } @@ -1185,10 +1244,9 @@ func (rs *ResourceSelector) validateLinodeSDConfigs(ctx context.Context, sc *mon return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } - } return nil @@ -1215,10 +1273,11 @@ func (rs *ResourceSelector) validateKumaSDConfigs(ctx context.Context, sc *monit return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } @@ -1240,10 +1299,11 @@ func (rs *ResourceSelector) validateEurekaSDConfigs(ctx context.Context, sc *mon return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } @@ -1265,10 +1325,11 @@ func (rs *ResourceSelector) validateHetznerSDConfigs(ctx context.Context, sc *mo return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } @@ -1290,20 +1351,16 @@ func (rs *ResourceSelector) validateNomadSDConfigs(ctx context.Context, sc *moni return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } func (rs *ResourceSelector) validateDockerSwarmSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - if !version.GTE(semver.MustParse("2.20.0")) { + if rs.version.LT(semver.MustParse("2.20.0")) { return fmt.Errorf("dockerswarm SD configuration is only supported for Prometheus version >= 2.20.0") } @@ -1328,20 +1385,16 @@ func (rs *ResourceSelector) validateDockerSwarmSDConfigs(ctx context.Context, sc return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } func (rs *ResourceSelector) validatePuppetDBSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - if !version.GTE(semver.MustParse("2.31.0")) { + if rs.version.LT(semver.MustParse("2.31.0")) { return fmt.Errorf("puppetDB SD configuration is only supported for Prometheus version >= 2.31.0") } @@ -1373,20 +1426,16 @@ func (rs *ResourceSelector) validatePuppetDBSDConfigs(ctx context.Context, sc *m return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } func (rs *ResourceSelector) validateLightSailSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - if !version.GTE(semver.MustParse("2.27.0")) { + if rs.version.LT(semver.MustParse("2.27.0")) { return fmt.Errorf("lightSail SD configuration is only supported for Prometheus version >= 2.27.0") } @@ -1418,22 +1467,19 @@ func (rs *ResourceSelector) validateLightSailSDConfigs(ctx context.Context, sc * return fmt.Errorf("[%d]: %w", i, err) } - if err := validateProxyConfig(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { return fmt.Errorf("[%d]: %w", i, err) } } + return nil } func (rs *ResourceSelector) validateOVHCloudSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { - promVersion := operator.StringValOrDefault(rs.p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) - version, err := semver.ParseTolerant(promVersion) - if err != nil { - return fmt.Errorf("failed to parse Prometheus version: %w", err) - } - if !version.GTE(semver.MustParse("2.40.0")) { + if rs.version.LT(semver.MustParse("2.40.0")) { return fmt.Errorf("OVHCloud SD configuration is only supported for Prometheus version >= 2.40.0") } + for i, config := range sc.Spec.OVHCloudSDConfigs { if _, err := rs.store.GetSecretKey(ctx, sc.GetNamespace(), config.ApplicationSecret); err != nil { return fmt.Errorf("[%d]: %w", i, err) @@ -1442,5 +1488,53 @@ func (rs *ResourceSelector) validateOVHCloudSDConfigs(ctx context.Context, sc *m return fmt.Errorf("[%d]: %w", i, err) } } + + return nil +} + +func (rs *ResourceSelector) validateScalewaySDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { + if rs.version.LT(semver.MustParse("2.26.0")) { + return fmt.Errorf("ScaleWay SD configuration is only supported for Prometheus version >= 2.26.0") + } + + for i, config := range sc.Spec.ScalewaySDConfigs { + if _, err := rs.store.GetSecretKey(ctx, sc.GetNamespace(), config.SecretKey); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + } + + return nil +} + +func (rs *ResourceSelector) validateStaticConfig(sc *monitoringv1alpha1.ScrapeConfig) error { + for i, config := range sc.Spec.StaticConfigs { + for labelName := range config.Labels { + if !model.LabelName(labelName).IsValid() { + return fmt.Errorf("[%d]: invalid label in map %s", i, labelName) + } + } + } + + return nil +} + +func (rs *ResourceSelector) validateIonosSDConfigs(ctx context.Context, sc *monitoringv1alpha1.ScrapeConfig) error { + if rs.version.LT(semver.MustParse("2.36.0")) { + return fmt.Errorf("IONOS SD configuration is only supported for Prometheus version >= 2.36.0") + } + + for i, config := range sc.Spec.IonosSDConfigs { + if err := rs.store.AddSafeAuthorizationCredentials(ctx, sc.GetNamespace(), &config.Authorization); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + + if err := addProxyConfigToStore(ctx, config.ProxyConfig, rs.store, sc.GetNamespace()); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + + if err := rs.store.AddSafeTLSConfig(ctx, sc.GetNamespace(), config.TLSConfig); err != nil { + return fmt.Errorf("[%d]: %w", i, err) + } + } return nil } diff --git a/pkg/prometheus/resource_selector_test.go b/pkg/prometheus/resource_selector_test.go index 80c02511c89..107fea8f0b1 100644 --- a/pkg/prometheus/resource_selector_test.go +++ b/pkg/prometheus/resource_selector_test.go @@ -16,11 +16,10 @@ package prometheus import ( "context" + "log/slog" "os" "testing" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/prometheus/model/relabel" "github.com/stretchr/testify/require" @@ -38,8 +37,8 @@ import ( "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) -func newLogger() log.Logger { - return level.NewFilter(log.NewLogfmtLogger(os.Stdout), level.AllowWarn()) +func newLogger() *slog.Logger { + return slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelWarn})) } func TestValidateRelabelConfig(t *testing.T) { @@ -419,13 +418,15 @@ func TestValidateRelabelConfig(t *testing.T) { }, } { t.Run(tc.scenario, func(t *testing.T) { - err := validateRelabelConfig(&tc.prometheus, tc.relabelConfig) - if err != nil && !tc.expectedErr { - t.Fatalf("expected no error, got: %v", err) - } - if err == nil && tc.expectedErr { - t.Fatalf("expected an error, got nil") + lcv, err := NewLabelConfigValidator(&tc.prometheus) + require.NoError(t, err) + + err = lcv.validate(tc.relabelConfig) + if tc.expectedErr { + require.Error(t, err) + return } + require.NoError(t, err) }) } } @@ -634,7 +635,7 @@ func TestSelectProbes(t *testing.T) { t.Run(tc.scenario, func(t *testing.T) { cs := fake.NewSimpleClientset() - rs := NewResourceSelector( + rs, err := NewResourceSelector( newLogger(), &monitoringv1.Prometheus{ Spec: monitoringv1.PrometheusSpec{ @@ -652,6 +653,7 @@ func TestSelectProbes(t *testing.T) { operator.NewMetrics(prometheus.NewPedanticRegistry()), record.NewFakeRecorder(1), ) + require.NoError(t, err) probe := &monitoringv1.Probe{ ObjectMeta: metav1.ObjectMeta{ @@ -765,12 +767,11 @@ func TestValidateScrapeIntervalAndTimeout(t *testing.T) { for _, endpoint := range tc.smSpec.Endpoints { err := validateScrapeIntervalAndTimeout(&tc.prometheus, endpoint.Interval, endpoint.ScrapeTimeout) t.Logf("err %v", err) - if err != nil && !tc.expectedErr { - t.Fatalf("expected no error, got: %v", err) - } - if err == nil && tc.expectedErr { - t.Fatalf("expected an error, got nil") + if tc.expectedErr { + require.Error(t, err) + return } + require.NoError(t, err) } }) } @@ -1100,7 +1101,7 @@ func TestSelectServiceMonitors(t *testing.T) { }, ) - rs := NewResourceSelector( + rs, err := NewResourceSelector( newLogger(), &monitoringv1.Prometheus{ Spec: monitoringv1.PrometheusSpec{ @@ -1118,6 +1119,7 @@ func TestSelectServiceMonitors(t *testing.T) { operator.NewMetrics(prometheus.NewPedanticRegistry()), record.NewFakeRecorder(1), ) + require.NoError(t, err) sm := &monitoringv1.ServiceMonitor{ ObjectMeta: metav1.ObjectMeta{ @@ -1274,7 +1276,7 @@ func TestSelectPodMonitors(t *testing.T) { } { t.Run(tc.scenario, func(t *testing.T) { cs := fake.NewSimpleClientset() - rs := NewResourceSelector( + rs, err := NewResourceSelector( newLogger(), &monitoringv1.Prometheus{ Spec: monitoringv1.PrometheusSpec{ @@ -1292,6 +1294,7 @@ func TestSelectPodMonitors(t *testing.T) { operator.NewMetrics(prometheus.NewPedanticRegistry()), record.NewFakeRecorder(1), ) + require.NoError(t, err) pm := &monitoringv1.PodMonitor{ ObjectMeta: metav1.ObjectMeta{ @@ -1561,38 +1564,22 @@ func TestSelectScrapeConfigs(t *testing.T) { selected: false, }, { - scenario: "HTTP SD config with valid secret ref", + scenario: "staticConfig with valid Labels", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { - sc.HTTPSDConfigs = []monitoringv1alpha1.HTTPSDConfig{ + sc.StaticConfigs = []monitoringv1alpha1.StaticConfig{ { - URL: "http://example.com", - Authorization: &monitoringv1.SafeAuthorization{ - Credentials: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", - }, - Key: "key1", - }, - }, + Labels: map[string]string{"owner": "prometheus"}, }, } }, selected: true, }, { - scenario: "HTTP SD config with invalid secret ref", + scenario: "staticConfig with invalid Labels", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { - sc.HTTPSDConfigs = []monitoringv1alpha1.HTTPSDConfig{ + sc.StaticConfigs = []monitoringv1alpha1.StaticConfig{ { - URL: "http://example.com", - Authorization: &monitoringv1.SafeAuthorization{ - Credentials: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "wrong", - }, - Key: "key1", - }, - }, + Labels: map[string]string{"1owner": "prometheus"}, }, } }, @@ -1622,7 +1609,8 @@ func TestSelectScrapeConfigs(t *testing.T) { }, } }, - selected: true, + selected: false, + promVersion: "2.29.0", }, { scenario: "HTTP SD config with invalid proxy settings", @@ -1647,7 +1635,48 @@ func TestSelectScrapeConfigs(t *testing.T) { }, } }, - selected: false, + selected: false, + promVersion: "2.29.0", + }, + { + scenario: "HTTP SD config with valid secret ref", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.HTTPSDConfigs = []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://example.com", + Authorization: &monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + } + }, + selected: false, + promVersion: "2.29.0", + }, + { + scenario: "HTTP SD config with invalid secret ref", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.HTTPSDConfigs = []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://example.com", + Authorization: &monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "wrong", + }, + Key: "key1", + }, + }, + }, + } + }, + selected: false, + promVersion: "2.29.0", }, { scenario: "HTTP SD proxy config with invalid secret key", @@ -1672,14 +1701,35 @@ func TestSelectScrapeConfigs(t *testing.T) { }, } }, - selected: false, + selected: false, + promVersion: "2.29.0", + }, + { + scenario: "HTTP SD config in unsupported Prometheus version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.HTTPSDConfigs = []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://example.com", + Authorization: &monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + } + }, + promVersion: "2.27.0", + selected: false, }, { scenario: "Kubernetes SD config with valid secret ref", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, Authorization: &monitoringv1.SafeAuthorization{ Credentials: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ @@ -1698,7 +1748,7 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, Authorization: &monitoringv1.SafeAuthorization{ Credentials: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ @@ -1717,7 +1767,7 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, TLSConfig: &monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ Secret: &v1.SecretKeySelector{ @@ -1752,7 +1802,7 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, TLSConfig: &monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ Secret: &v1.SecretKeySelector{ @@ -1773,7 +1823,7 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), NoProxy: ptr.To("0.0.0.0"), @@ -1799,7 +1849,7 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), ProxyFromEnvironment: ptr.To(true), @@ -1826,7 +1876,7 @@ func TestSelectScrapeConfigs(t *testing.T) { { Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Label: "app=example,env!=production,release in (v1, v2", + Label: ptr.To("app=example,env!=production,release in (v1, v2)"), }, }, }, @@ -1841,7 +1891,7 @@ func TestSelectScrapeConfigs(t *testing.T) { { Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Field: "status.phase=Running,metadata.name!=worker,)", + Field: ptr.To("status.phase=Running,metadata.name!=worker"), }, }, }, @@ -1854,10 +1904,10 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: "node", + Role: monitoringv1alpha1.KubernetesRoleNode, Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Role: "node", + Role: monitoringv1alpha1.KubernetesRoleNode, }, }, }, @@ -1870,10 +1920,10 @@ func TestSelectScrapeConfigs(t *testing.T) { updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: "node", + Role: monitoringv1alpha1.KubernetesRoleNode, Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Role: "pod", + Role: monitoringv1alpha1.KubernetesRolePod, }, }, }, @@ -1882,17 +1932,89 @@ func TestSelectScrapeConfigs(t *testing.T) { }, selected: false, }, + { + scenario: "Kubernetes SD config with Role Pod", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRolePod, + }, + } + }, + promVersion: "2.51.0", + selected: true, + }, + { + scenario: "Kubernetes SD config with Role Pod but wrong version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRolePod, + }, + } + }, + promVersion: "2.31.0", + selected: false, + }, + { + scenario: "Kubernetes SD config with Role Endpoint", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleEndpoint, + }, + } + }, + promVersion: "2.51.0", + selected: true, + }, + { + scenario: "Kubernetes SD config with Role Endpoint but wrong version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleEndpoint, + }, + } + }, + promVersion: "2.31.0", + selected: false, + }, + { + scenario: "Kubernetes SD config with Role EndpointSlice", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleEndpointSlice, + }, + } + }, + promVersion: "2.51.0", + selected: true, + }, + { + scenario: "Kubernetes SD config with Role EndpointSlice but wrong version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: monitoringv1alpha1.KubernetesRoleEndpointSlice, + }, + } + }, + promVersion: "2.31.0", + selected: false, + }, { scenario: "Kubernetes SD config with valid label and field selectors", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: "node", + Role: monitoringv1alpha1.KubernetesRoleNode, Selectors: []monitoringv1alpha1.K8SSelectorConfig{ { - Role: "node", - Label: "app=example,env!=production,release in (v1, v2)", - Field: "status.phase=Running,metadata.name!=worker", + Role: monitoringv1alpha1.KubernetesRoleNode, + Label: ptr.To("app=example,env!=production,release in (v1, v2)"), + Field: ptr.To("status.phase=Running,metadata.name!=worker"), }, }, }, @@ -2018,29 +2140,71 @@ func TestSelectScrapeConfigs(t *testing.T) { selected: false, }, { - scenario: "DNS SD config with port for type other than SRV record", + scenario: "DNS SD config with no port specified for type other than SRV record", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("A"), - Port: ptr.To(9100), + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeA), + }, + } + }, + selected: false, + }, + { + scenario: "DNS SD config with port specified for type other than SRV record", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"node.demo.do.prometheus.io"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeA), + Port: ptr.To(int32(9900)), }, } }, selected: true, }, { - scenario: "DNS SD config with no port specified for type other than SRV record", + scenario: "DNS SD config with NS record type and correct version", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("A"), + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeNS), + Port: ptr.To(int32(9900)), }, } }, - selected: false, + promVersion: "2.51.0", + selected: true, + }, + { + scenario: "DNS SD config with MX record type and correct version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"node.demo.do.prometheus.io"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeMX), + Port: ptr.To(int32(9900)), + }, + } + }, + promVersion: "2.51.0", + selected: true, + }, + { + scenario: "DNS SD config with A record type and correct version", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"node.demo.do.prometheus.io"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeA), + Port: ptr.To(int32(9900)), + }, + } + }, + promVersion: "2.51.0", + selected: true, }, { scenario: "EC2 SD config with valid secret ref", @@ -2077,20 +2241,20 @@ func TestSelectScrapeConfigs(t *testing.T) { selected: true, }, { - scenario: "EC2 SD config with invalid secret ref for accessKey", + scenario: "EC2 SD config with invalid secret ref for secretKey", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.EC2SDConfigs = []monitoringv1alpha1.EC2SDConfig{ { Region: ptr.To("us-east-1"), AccessKey: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ - Name: "wrong", + Name: "secret", }, Key: "key1", }, SecretKey: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + Name: "wrong", }, Key: "key2", }, @@ -2100,28 +2264,126 @@ func TestSelectScrapeConfigs(t *testing.T) { selected: false, }, { - scenario: "EC2 SD config with invalid secret ref for secretKey", + scenario: "EC2 SD config with valid TLS Config", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { sc.EC2SDConfigs = []monitoringv1alpha1.EC2SDConfig{ { Region: ptr.To("us-east-1"), - AccessKey: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "ca", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "cert", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + KeySecret: &v1.SecretKeySelector{ + Key: "key", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, }, - Key: "key1", }, - SecretKey: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "wrong", + }, + } + }, + selected: true, + }, + { + scenario: "EC2 SD config with valid HTTPS Config", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.EC2SDConfigs = []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "ca", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "cert", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + KeySecret: &v1.SecretKeySelector{ + Key: "key", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + RefreshInterval: ptr.To(monitoringv1.Duration("30s")), + EnableHTTP2: ptr.To(true), + }, + } + }, + promVersion: "2.52.0", + selected: true, + }, + { + scenario: "EC2 SD config with invalid TLS config with invalid CA data", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.EC2SDConfigs = []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "invalid_ca", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, }, - Key: "key2", }, }, } }, selected: false, }, + { + scenario: "EC2 SD config with valid proxy settings", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.EC2SDConfigs = []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-east-1"), + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + }, + }, + } + }, + promVersion: "2.52.0", + selected: true, + }, { scenario: "Azure SD config with valid options for OAuth authentication method", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { @@ -3418,6 +3680,215 @@ func TestSelectScrapeConfigs(t *testing.T) { }, selected: true, }, + { + scenario: "Scaleway SD config", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.ScalewaySDConfigs = []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "AccessKey", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + + Zone: ptr.To("beijing-1"), + Port: ptr.To(int32(23456)), + ApiURL: ptr.To("https://api.scaleway.com/"), + NameFilter: ptr.To("name"), + TagsFilter: []string{"aa", "bb"}, + }, + } + }, + selected: true, + }, + { + scenario: "Scaleway SD config with invalid secret ref for secretKey", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.ScalewaySDConfigs = []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "AccessKey", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "wrong", + }, + Key: "key1", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + }, + } + }, + selected: false, + }, + { + scenario: "Scaleway SD config with invalid proxy settings", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.ScalewaySDConfigs = []monitoringv1alpha1.ScalewaySDConfig{ + { + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + }, + }, + } + }, + selected: false, + }, + { + scenario: "Scaleway SD config with invalid TLS config with invalid CA data", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.ScalewaySDConfigs = []monitoringv1alpha1.ScalewaySDConfig{ + { + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + Key: "invalid_ca", + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + }, + }, + }, + }, + } + }, + selected: false, + }, + { + scenario: "Ionos SD config with valid TLS config", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.IonosSDConfigs = []monitoringv1alpha1.IonosSDConfig{ + { + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "ca", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "cert", + }, + }, + KeySecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key", + }, + }, + }, + } + }, + selected: true, + }, + { + scenario: "Ionos SD config with invalid TLS config with invalid CA data", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.IonosSDConfigs = []monitoringv1alpha1.IonosSDConfig{ + { + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "invalid-ca", + }, + }, + }, + }, + } + }, + selected: false, + }, + { + scenario: "Ionos SD config with valid proxy settings", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.IonosSDConfigs = []monitoringv1alpha1.IonosSDConfig{ + { + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + }, + }, + } + }, + selected: true, + }, + { + scenario: "Ionos SD config with invalid proxy settings", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.IonosSDConfigs = []monitoringv1alpha1.IonosSDConfig{ + { + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", + }, + }, + }, + }, + }, + } + }, + selected: false, + }, + { + scenario: "Ionos SD config with invalid secret ref", + updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { + sc.IonosSDConfigs = []monitoringv1alpha1.IonosSDConfig{ + { + Authorization: monitoringv1.SafeAuthorization{ + Credentials: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "wrong", + }, + Key: "key1", + }, + }, + }, + } + }, + selected: false, + }, { scenario: "Inexistent Scrape Class", updateSpec: func(sc *monitoringv1alpha1.ScrapeConfigSpec) { @@ -3472,7 +3943,7 @@ func TestSelectScrapeConfigs(t *testing.T) { }, ) - rs := NewResourceSelector( + rs, err := NewResourceSelector( newLogger(), &monitoringv1.Prometheus{ ObjectMeta: metav1.ObjectMeta{ @@ -3495,6 +3966,7 @@ func TestSelectScrapeConfigs(t *testing.T) { operator.NewMetrics(prometheus.NewPedanticRegistry()), record.NewFakeRecorder(1), ) + require.NoError(t, err) sc := &monitoringv1alpha1.ScrapeConfig{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/prometheus/server/operator.go b/pkg/prometheus/server/operator.go index 635700fd4de..569d2fd5518 100644 --- a/pkg/prometheus/server/operator.go +++ b/pkg/prometheus/server/operator.go @@ -17,13 +17,11 @@ package prometheus import ( "context" "fmt" + "log/slog" "reflect" - "regexp" "strings" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "github.com/mitchellh/hashstructure" "github.com/prometheus/client_golang/prometheus" appsv1 "k8s.io/api/apps/v1" @@ -32,7 +30,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes" "k8s.io/client-go/metadata" "k8s.io/client-go/rest" @@ -57,9 +54,6 @@ const ( controllerName = "prometheus-controller" ) -var prometheusKeyInShardStatefulSet = regexp.MustCompile("^(.+)/prometheus-(.+)-shard-[1-9][0-9]*$") -var prometheusKeyInStatefulSet = regexp.MustCompile("^(.+)/prometheus-(.+)$") - // Operator manages life cycle of Prometheus deployments and // monitoring configurations. type Operator struct { @@ -67,7 +61,7 @@ type Operator struct { mdClient metadata.Interface mclient monitoringclient.Interface - logger log.Logger + logger *slog.Logger accessor *operator.Accessor config prompkg.Config @@ -99,29 +93,33 @@ type Operator struct { eventRecorder record.EventRecorder } -type ControllerOptions func(*Operator) +type ControllerOption func(*Operator) -func WithEndpointSlice() ControllerOptions { +// WithEndpointSlice tells that the Kubernetes API supports the Endpointslice resource. +func WithEndpointSlice() ControllerOption { return func(o *Operator) { o.endpointSliceSupported = true } } -func WithScrapeConfig() ControllerOptions { +// WithScrapeConfig tells that the controller manages ScrapeConfig objects. +func WithScrapeConfig() ControllerOption { return func(o *Operator) { o.scrapeConfigSupported = true } } -func WithStorageClassValidation() ControllerOptions { +// WithStorageClassValidation tells that the controller should verify that the +// Prometheus spec references a valid StorageClass name. +func WithStorageClassValidation() ControllerOption { return func(o *Operator) { o.canReadStorageClass = true } } // New creates a new controller. -func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger log.Logger, r prometheus.Registerer, erf operator.EventRecorderFactory, opts ...ControllerOptions) (*Operator, error) { - logger = log.With(logger, "component", controllerName) +func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger *slog.Logger, r prometheus.Registerer, opts ...ControllerOption) (*Operator, error) { + logger = logger.With("component", controllerName) client, err := kubernetes.NewForConfig(restConfig) if err != nil { @@ -160,24 +158,14 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger reconciliations: &operator.ReconciliationTracker{}, controllerID: c.ControllerID, - eventRecorder: erf(client, controllerName), + eventRecorder: c.EventRecorderFactory(client, controllerName), } - // Process options, enabling or disabling features. for _, opt := range opts { opt(o) } o.metrics.MustRegister(o.reconciliations) - o.rr = operator.NewResourceReconciler( - o.logger, - o, - o.metrics, - monitoringv1.PrometheusesKind, - r, - o.controllerID, - ) - o.promInfs, err = informers.NewInformersForResource( informers.NewMonitoringInformerFactories( c.Namespaces.PrometheusAllowList, @@ -200,6 +188,16 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger } o.metrics.MustRegister(prompkg.NewCollectorForStores(promStores...)) + o.rr = operator.NewResourceReconciler( + o.logger, + o, + o.promInfs, + o.metrics, + monitoringv1.PrometheusesKind, + r, + o.controllerID, + ) + o.smonInfs, err = informers.NewInformersForResource( informers.NewMonitoringInformerFactories( c.Namespaces.AllowList, @@ -295,7 +293,8 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger o.mdClient, resyncPeriod, func(options *metav1.ListOptions) { - options.FieldSelector = c.SecretListWatchSelector.String() + options.FieldSelector = c.SecretListWatchFieldSelector.String() + options.LabelSelector = c.SecretListWatchLabelSelector.String() }, ), v1.SchemeGroupVersion.WithResource(string(v1.ResourceSecrets)), @@ -333,7 +332,7 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger return nil, err } - level.Debug(o.logger).Log("msg", "creating namespace informer", "privileged", privileged) + o.logger.Debug("creating namespace informer", "privileged", privileged) return cache.NewSharedIndexInformer( o.metrics.NewInstrumentedListerWatcher(lw), &v1.Namespace{}, resyncPeriod, cache.Indexers{}, @@ -354,16 +353,6 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger } } - endpointSliceSupported, err := k8sutil.IsAPIGroupVersionResourceSupported(o.kclient.Discovery(), schema.GroupVersion{Group: "discovery.k8s.io", Version: "v1"}, "endpointslices") - if err != nil { - level.Warn(o.logger).Log("msg", "failed to check if the API supports the endpointslice resources", "err ", err) - } - level.Info(o.logger).Log("msg", "Kubernetes API capabilities", "endpointslices", endpointSliceSupported) - // The operator doesn't yet support the endpointslices API. - // See https://github.com/prometheus-operator/prometheus-operator/issues/3862 - // for details. - o.endpointSliceSupported = false - o.statusReporter = prompkg.StatusReporter{ Kclient: o.kclient, Reconciliations: o.reconciliations, @@ -397,7 +386,7 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { } for _, inf := range infs.informersForResource.GetInformers() { - if !operator.WaitForNamedCacheSync(ctx, "prometheus", log.With(c.logger, "informer", infs.name), inf.Informer()) { + if !operator.WaitForNamedCacheSync(ctx, "prometheus", c.logger.With("informer", infs.name), inf.Informer()) { return fmt.Errorf("failed to sync cache for %s informer", infs.name) } } @@ -410,12 +399,12 @@ func (c *Operator) waitForCacheSync(ctx context.Context) error { {"PromNamespace", c.nsPromInf}, {"MonNamespace", c.nsMonInf}, } { - if !operator.WaitForNamedCacheSync(ctx, "prometheus", log.With(c.logger, "informer", inf.name), inf.informer) { + if !operator.WaitForNamedCacheSync(ctx, "prometheus", c.logger.With("informer", inf.name), inf.informer) { return fmt.Errorf("failed to sync cache for %s informer", inf.name) } } - level.Info(c.logger).Log("msg", "successfully synced all caches") + c.logger.Info("successfully synced all caches") return nil } @@ -538,7 +527,7 @@ func (c *Operator) Iterate(processFn func(metav1.Object, []monitoringv1.Conditio p := o.(*monitoringv1.Prometheus) processFn(p, p.Status.Conditions) }); err != nil { - level.Error(c.logger).Log("msg", "failed to list Prometheus objects", "err", err) + c.logger.Error("failed to list Prometheus objects", "err", err) } } @@ -560,15 +549,15 @@ func (c *Operator) enqueueForMonitorNamespace(nsName string) { func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { nsObject, exists, err := store.GetByKey(nsName) if err != nil { - level.Error(c.logger).Log( - "msg", "get namespace to enqueue Prometheus instances failed", + c.logger.Error( + "get namespace to enqueue Prometheus instances failed", "err", err, ) return } if !exists { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("get namespace to enqueue Prometheus instances failed: namespace %q does not exist", nsName), + c.logger.Error( + fmt.Sprintf("get namespace to enqueue Prometheus instances failed: namespace %q does not exist", nsName), ) return } @@ -586,8 +575,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // the namespace. smNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ServiceMonitorNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ServiceMonitorNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ServiceMonitorNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -601,8 +590,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // Check for Prometheus instances selecting PodMonitors in the NS. pmNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.PodMonitorNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert PodMonitorNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert PodMonitorNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -616,8 +605,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // Check for Prometheus instances selecting Probes in the NS. bmNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ProbeNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ProbeNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ProbeNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -632,8 +621,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // the NS. ruleNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.RuleNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert RuleNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert RuleNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -647,8 +636,8 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { // the NS. scrapeConfigNSSelector, err := metav1.LabelSelectorAsSelector(p.Spec.ScrapeConfigNamespaceSelector) if err != nil { - level.Error(c.logger).Log( - "msg", fmt.Sprintf("failed to convert ScrapeConfigNamespaceSelector of %q to selector", p.Name), + c.logger.Error( + fmt.Sprintf("failed to convert ScrapeConfigNamespaceSelector of %q to selector", p.Name), "err", err, ) return @@ -660,61 +649,19 @@ func (c *Operator) enqueueForNamespace(store cache.Store, nsName string) { } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Prometheus instances from cache failed", + c.logger.Error( + "listing all Prometheus instances from cache failed", "err", err, ) } } -// Resolve implements the operator.Syncer interface. -func (c *Operator) Resolve(ss *appsv1.StatefulSet) metav1.Object { - key, ok := c.accessor.MetaNamespaceKey(ss) - if !ok { - return nil - } - - match, promKey := statefulSetKeyToPrometheusKey(key) - if !match { - level.Debug(c.logger).Log("msg", "StatefulSet key did not match a Prometheus key format", "key", key) - return nil - } - - p, err := c.promInfs.Get(promKey) - if apierrors.IsNotFound(err) { - return nil - } - - if err != nil { - level.Error(c.logger).Log("msg", "Prometheus lookup failed", "err", err) - return nil - } - - return p.(*monitoringv1.Prometheus) -} - -func statefulSetKeyToPrometheusKey(key string) (bool, string) { - r := prometheusKeyInStatefulSet - if prometheusKeyInShardStatefulSet.MatchString(key) { - r = prometheusKeyInShardStatefulSet - } - - matches := r.FindAllStringSubmatch(key, 2) - if len(matches) != 1 { - return false, "" - } - if len(matches[0]) != 3 { - return false, "" - } - return true, matches[0][1] + "/" + matches[0][2] -} - func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { old := oldo.(*v1.Namespace) cur := curo.(*v1.Namespace) - level.Debug(c.logger).Log("msg", "update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) + c.logger.Debug("update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) // Periodic resync may resend the Namespace without changes // in-between. @@ -722,7 +669,7 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { return } - level.Debug(c.logger).Log("msg", "Monitor namespace updated", "namespace", cur.GetName()) + c.logger.Debug("Monitor namespace updated", "namespace", cur.GetName()) c.metrics.TriggerByCounter("Namespace", operator.UpdateEvent).Inc() // Check for Prometheus instances selecting ServiceMonitors, PodMonitors, @@ -739,7 +686,8 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { sync, err := k8sutil.LabelSelectionHasChanged(old.Labels, cur.Labels, selector) if err != nil { - level.Error(c.logger).Log( + c.logger.Error( + "failed to detect label selection change", "err", err, "name", p.Name, "namespace", p.Namespace, @@ -755,8 +703,8 @@ func (c *Operator) handleMonitorNamespaceUpdate(oldo, curo interface{}) { } }) if err != nil { - level.Error(c.logger).Log( - "msg", "listing all Prometheus instances from cache failed", + c.logger.Error( + "listing all Prometheus instances from cache failed", "err", err, ) } @@ -788,7 +736,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { return fmt.Errorf("failed to set Prometheus type information: %w", err) } - logger := log.With(c.logger, "key", key) + logger := c.logger.With("key", key) logDeprecatedFields(logger, p) // Check if the Prometheus instance is marked for deletion. @@ -801,18 +749,23 @@ func (c *Operator) sync(ctx context.Context, key string) error { } if p.Spec.Paused { - level.Info(logger).Log("msg", "the resource is paused, not reconciling") + logger.Info("the resource is paused, not reconciling") return nil } - level.Info(logger).Log("msg", "sync prometheus") + logger.Info("sync prometheus") ruleConfigMapNames, err := c.createOrUpdateRuleConfigMaps(ctx, p) if err != nil { return err } assetStore := assets.NewStoreBuilder(c.kclient.CoreV1(), c.kclient.CoreV1()) - cg, err := prompkg.NewConfigGenerator(c.logger, p, c.endpointSliceSupported) + + opts := []prompkg.ConfigGeneratorOption{} + if c.endpointSliceSupported { + opts = append(opts, prompkg.WithEndpointSliceSupport()) + } + cg, err := prompkg.NewConfigGenerator(c.logger, p, opts...) if err != nil { return err } @@ -830,9 +783,13 @@ func (c *Operator) sync(ctx context.Context, key string) error { return fmt.Errorf("synchronizing web config secret failed: %w", err) } + if err := c.createOrUpdateThanosConfigSecret(ctx, p); err != nil { + return fmt.Errorf("failed to reconcile Thanos config secret: %w", err) + } + // Create governing service if it doesn't exist. svcClient := c.kclient.CoreV1().Services(p.Namespace) - if err := k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(p, c.config)); err != nil { + if _, err := k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(p, c.config)); err != nil { return fmt.Errorf("synchronizing governing service failed: %w", err) } @@ -841,8 +798,8 @@ func (c *Operator) sync(ctx context.Context, key string) error { // Ensure we have a StatefulSet running Prometheus deployed and that StatefulSet names are created correctly. expected := prompkg.ExpectedStatefulSetShardNames(p) for shard, ssetName := range expected { - logger := log.With(logger, "statefulset", ssetName, "shard", fmt.Sprintf("%d", shard)) - level.Debug(logger).Log("msg", "reconciling statefulset") + logger := logger.With("statefulset", ssetName, "shard", fmt.Sprintf("%d", shard)) + logger.Debug("reconciling statefulset") obj, err := c.ssetInfs.Get(prompkg.KeyToStatefulSetKey(p, key, shard)) exists := !apierrors.IsNotFound(err) @@ -873,19 +830,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { sset, err := makeStatefulSet( ssetName, p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, - &c.config, + c.config, cg, ruleConfigMapNames, newSSetInputHash, @@ -897,23 +842,23 @@ func (c *Operator) sync(ctx context.Context, key string) error { operator.SanitizeSTS(sset) if !exists { - level.Debug(logger).Log("msg", "no current statefulset found") - level.Debug(logger).Log("msg", "creating statefulset") + logger.Debug("no current statefulset found") + logger.Debug("creating statefulset") if _, err := ssetClient.Create(ctx, sset, metav1.CreateOptions{}); err != nil { return fmt.Errorf("creating statefulset failed: %w", err) } continue } - if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[prompkg.SSetInputHashName] { - level.Debug(logger).Log("msg", "new statefulset generation inputs match current, skipping any actions") + if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName] { + logger.Debug("new statefulset generation inputs match current, skipping any actions") continue } - level.Debug(logger).Log( - "msg", "updating current statefulset because of hash divergence", + logger.Debug( + "updating current statefulset because of hash divergence", "new_hash", newSSetInputHash, - "existing_hash", existingStatefulSet.ObjectMeta.Annotations[prompkg.SSetInputHashName], + "existing_hash", existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName], ) err = k8sutil.UpdateStatefulSet(ctx, ssetClient, sset) @@ -928,7 +873,7 @@ func (c *Operator) sync(ctx context.Context, key string) error { failMsg[i] = cause.Message } - level.Info(logger).Log("msg", "recreating StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) + logger.Info("recreating StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) propagationPolicy := metav1.DeletePropagationForeground if err := ssetClient.Delete(ctx, sset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { @@ -960,9 +905,8 @@ func (c *Operator) sync(ctx context.Context, key string) error { return } - propagationPolicy := metav1.DeletePropagationForeground - if err := ssetClient.Delete(ctx, s.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { - level.Error(c.logger).Log("err", err, "name", s.GetName(), "namespace", s.GetNamespace()) + if err := ssetClient.Delete(ctx, s.GetName(), metav1.DeleteOptions{PropagationPolicy: ptr.To(metav1.DeletePropagationForeground)}); err != nil { + c.logger.Error("failed to delete StatefulSet object", "err", err, "name", s.GetName(), "namespace", s.GetNamespace()) } }) if err != nil { @@ -1003,7 +947,7 @@ func (c *Operator) UpdateStatus(ctx context.Context, key string) error { p.Status.Shards = ptr.Deref(p.Spec.Shards, 1) if _, err = c.mclient.MonitoringV1().Prometheuses(p.Namespace).ApplyStatus(ctx, prompkg.ApplyConfigurationFromPrometheus(p, true), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { - level.Info(c.logger).Log("msg", "failed to apply prometheus status subresource, trying again without scale fields", "err", err) + c.logger.Info("failed to apply prometheus status subresource, trying again without scale fields", "err", err) // Try again, but this time does not update scale subresource. if _, err = c.mclient.MonitoringV1().Prometheuses(p.Namespace).ApplyStatus(ctx, prompkg.ApplyConfigurationFromPrometheus(p, false), metav1.ApplyOptions{FieldManager: operator.PrometheusOperatorFieldManager, Force: true}); err != nil { return fmt.Errorf("failed to apply prometheus status subresource: %w", err) @@ -1013,44 +957,44 @@ func (c *Operator) UpdateStatus(ctx context.Context, key string) error { return nil } -func logDeprecatedFields(logger log.Logger, p *monitoringv1.Prometheus) { +func logDeprecatedFields(logger *slog.Logger, p *monitoringv1.Prometheus) { deprecationWarningf := "field %q is deprecated, field %q should be used instead" //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.BaseImage != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.baseImage", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.baseImage", "spec.image")) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.Tag != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.tag", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.tag", "spec.image")) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.SHA != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.sha", "spec.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.sha", "spec.image")) } if p.Spec.Thanos != nil { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.BaseImage != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.thanos.baseImage", "spec.thanos.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.thanos.baseImage", "spec.thanos.image")) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.Tag != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.thanos.tag", "spec.thanos.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.thanos.tag", "spec.thanos.image")) } //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if p.Spec.SHA != "" { - level.Warn(logger).Log("msg", fmt.Sprintf(deprecationWarningf, "spec.thanos.sha", "spec.thanos.image")) + logger.Warn(fmt.Sprintf(deprecationWarningf, "spec.thanos.sha", "spec.thanos.image")) } } if p.Spec.ServiceMonitorSelector == nil && p.Spec.PodMonitorSelector == nil && p.Spec.ProbeSelector == nil && p.Spec.ScrapeConfigSelector == nil { - level.Warn(logger).Log("msg", "neither serviceMonitorSelector nor podMonitorSelector, nor probeSelector specified. Custom configuration is deprecated, use additionalScrapeConfigs instead") + logger.Warn("neither serviceMonitorSelector nor podMonitorSelector, nor probeSelector specified. Custom configuration is deprecated, use additionalScrapeConfigs instead") } } @@ -1108,7 +1052,7 @@ func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *mon // exist. if p.Spec.ServiceMonitorSelector == nil && p.Spec.PodMonitorSelector == nil && p.Spec.ProbeSelector == nil && p.Spec.ScrapeConfigSelector == nil { - level.Debug(c.logger).Log("msg", "neither ServiceMonitor nor PodMonitor, nor Probe selector specified, leaving configuration unmanaged", "prometheus", p.Name, "namespace", p.Namespace) + c.logger.Debug("neither ServiceMonitor nor PodMonitor, nor Probe selector specified, leaving configuration unmanaged", "prometheus", p.Name, "namespace", p.Namespace) // make an empty secret s, err := prompkg.MakeConfigurationSecret(p, c.config, nil) @@ -1129,7 +1073,10 @@ func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *mon return nil } - resourceSelector := prompkg.NewResourceSelector(c.logger, p, store, c.nsMonInf, c.metrics, c.eventRecorder) + resourceSelector, err := prompkg.NewResourceSelector(c.logger, p, store, c.nsMonInf, c.metrics, c.eventRecorder) + if err != nil { + return err + } smons, err := resourceSelector.SelectServiceMonitors(ctx, c.smonInfs.ListAllByNamespace) if err != nil { @@ -1200,13 +1147,7 @@ func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *mon // Update secret based on the most recent configuration. conf, err := cg.GenerateServerConfiguration( - p.Spec.EvaluationInterval, - p.Spec.QueryLogFile, - p.Spec.RuleSelector, - p.Spec.Exemplars, - p.Spec.TSDB, - p.Spec.Alerting, - p.Spec.RemoteRead, + p, smons, pmons, bmons, @@ -1227,7 +1168,7 @@ func (c *Operator) createOrUpdateConfigurationSecret(ctx context.Context, p *mon return fmt.Errorf("creating compressed secret failed: %w", err) } - level.Debug(c.logger).Log("msg", "updating Prometheus configuration secret") + c.logger.Debug("updating Prometheus configuration secret") return k8sutil.CreateOrUpdateSecret(ctx, sClient, s) } @@ -1261,6 +1202,22 @@ func (c *Operator) createOrUpdateWebConfigSecret(ctx context.Context, p *monitor return nil } +func (c *Operator) createOrUpdateThanosConfigSecret(ctx context.Context, p *monitoringv1.Prometheus) error { + secret, err := buildPrometheusHTTPClientConfigSecret(p) + if err != nil { + return fmt.Errorf("failed to build Thanos HTTP client config secret: :%w", err) + } + + operator.UpdateObject( + secret, + operator.WithLabels(c.config.Labels), + operator.WithAnnotations(c.config.Annotations), + operator.WithManagingOwner(p), + ) + + return k8sutil.CreateOrUpdateSecret(ctx, c.kclient.CoreV1().Secrets(secret.Namespace), secret) +} + func makeSelectorLabels(name string) map[string]string { return map[string]string{ "app.kubernetes.io/managed-by": "prometheus-operator", @@ -1294,11 +1251,16 @@ func validateAlertmanagerEndpoints(p *monitoringv1.Prometheus, am monitoringv1.A return fmt.Errorf("%s can't be set at the same time, at most one of them must be defined", strings.Join(nonNilFields, " and ")) } - if err := prompkg.ValidateRelabelConfigs(p, am.RelabelConfigs); err != nil { + lcv, err := prompkg.NewLabelConfigValidator(p) + if err != nil { + return err + } + + if err := lcv.Validate(am.RelabelConfigs); err != nil { return fmt.Errorf("invalid relabelings: %w", err) } - if err := prompkg.ValidateRelabelConfigs(p, am.AlertRelabelConfigs); err != nil { + if err := lcv.Validate(am.AlertRelabelConfigs); err != nil { return fmt.Errorf("invalid alertRelabelings: %w", err) } diff --git a/pkg/prometheus/server/operator_test.go b/pkg/prometheus/server/operator_test.go index 2c0d73481fc..1657f982a6c 100644 --- a/pkg/prometheus/server/operator_test.go +++ b/pkg/prometheus/server/operator_test.go @@ -15,12 +15,15 @@ package prometheus import ( + "context" "testing" + "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -31,9 +34,7 @@ import ( func TestListOptions(t *testing.T) { for i := 0; i < 1000; i++ { o := ListOptions("test") - if o.LabelSelector != "app.kubernetes.io/name=prometheus,prometheus=test" && o.LabelSelector != "prometheus=test,app.kubernetes.io/name=prometheus" { - t.Fatalf("LabelSelector not computed correctly\n\nExpected: \"app.kubernetes.io/name=prometheus,prometheus=test\"\n\nGot: %#+v", o.LabelSelector) - } + require.True(t, (o.LabelSelector == "app.kubernetes.io/name=prometheus,prometheus=test" || o.LabelSelector == "prometheus=test,app.kubernetes.io/name=prometheus"), "LabelSelector not computed correctly\n\nExpected: \"app.kubernetes.io/name=prometheus,prometheus=test\"\n\nGot: %#+v", o.LabelSelector) } } @@ -209,72 +210,57 @@ func TestCreateStatefulSetInputHash(t *testing.T) { c := prompkg.Config{} p1Hash, err := createSSetInputHash(tc.a, c, []string{}, &operator.ShardedSecret{}, appsv1.StatefulSetSpec{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) p2Hash, err := createSSetInputHash(tc.b, c, []string{}, &operator.ShardedSecret{}, appsv1.StatefulSetSpec{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) if !tc.equal { - if p1Hash == p2Hash { - t.Fatal("expected two different Prometheus CRDs to produce different hashes but got equal hash") - } + require.NotEqual(t, p1Hash, p2Hash, "expected two different Prometheus CRDs to produce different hashes but got equal hash") return } - if p1Hash != p2Hash { - t.Fatal("expected two Prometheus CRDs to produce the same hash but got different hash") - } + require.Equal(t, p1Hash, p2Hash, "expected two Prometheus CRDs to produce the same hash but got different hash") p2Hash, err = createSSetInputHash(tc.a, c, []string{}, &operator.ShardedSecret{}, appsv1.StatefulSetSpec{Replicas: ptr.To(int32(2))}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if p1Hash == p2Hash { - t.Fatal("expected same Prometheus CRDs with different statefulset specs to produce different hashes but got equal hash") - } + require.NotEqual(t, p1Hash, p2Hash, "expected same Prometheus CRDs with different statefulset specs to produce different hashes but got equal hash") }) } } -func TestStatefulSetKeyToPrometheusKey(t *testing.T) { - cases := []struct { - input string - expectedKey string - expectedMatch bool +func TestCreateThanosConfigSecret(t *testing.T) { + version := "v0.24.0" + ctx := context.Background() + for _, tc := range []struct { + name string + spec monitoringv1.PrometheusSpec }{ { - input: "namespace/prometheus-test", - expectedKey: "namespace/test", - expectedMatch: true, - }, - { - input: "namespace/prometheus-test-shard-1", - expectedKey: "namespace/test", - expectedMatch: true, - }, - { - input: "allns-z-thanosrulercreatedeletecluster-qcwdmj-0/thanos-ruler-test", - expectedKey: "", - expectedMatch: false, + name: "prometheus with thanos sidecar", + spec: monitoringv1.PrometheusSpec{ + Thanos: &monitoringv1.ThanosSpec{ + Version: &version, + }, + }, }, - } - - for _, c := range cases { - match, key := statefulSetKeyToPrometheusKey(c.input) - if c.expectedKey != key { - t.Fatalf("Expected prometheus key %q got %q", c.expectedKey, key) - } - if c.expectedMatch != match { - notExp := "" - if !c.expectedMatch { - notExp = "not " + } { + t.Run(tc.name, func(t *testing.T) { + p := &monitoringv1.Prometheus{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-create-thanos-config-secret", + Namespace: "test", + }, + Spec: tc.spec, } - t.Fatalf("Expected input %sto be matching a prometheus key, but did not", notExp) - } + o := Operator{kclient: fake.NewClientset()} + err := o.createOrUpdateThanosConfigSecret(ctx, p) + require.NoError(t, err) + + get, err := o.kclient.CoreV1().Secrets("test").Get(ctx, thanosPrometheusHTTPClientConfigSecretName(p), metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, "tls_config:\n insecure_skip_verify: true\n", string(get.Data[thanosPrometheusHTTPClientConfigFileName])) + }) } } diff --git a/pkg/prometheus/server/rules.go b/pkg/prometheus/server/rules.go index c9800777d1d..63fe8466645 100644 --- a/pkg/prometheus/server/rules.go +++ b/pkg/prometheus/server/rules.go @@ -18,14 +18,12 @@ import ( "context" "fmt" "reflect" - "sort" "strings" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/prometheus-operator/prometheus-operator/internal/util" "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" namespacelabeler "github.com/prometheus-operator/prometheus-operator/pkg/namespacelabeler" @@ -33,12 +31,6 @@ import ( prompkg "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" ) -// The maximum `Data` size of a ConfigMap seems to differ between -// environments. This is probably due to different meta data sizes which count -// into the overall maximum size of a ConfigMap. Thereby lets leave a -// large buffer. -var maxConfigMapDataSize = int(float64(v1.MaxSecretSize) * 0.5) - func (c *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, p *monitoringv1.Prometheus) ([]string, error) { cClient := c.kclient.CoreV1().ConfigMaps(p.Namespace) @@ -64,7 +56,7 @@ func (c *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, p *monitori true, ) - logger := log.With(c.logger, "prometheus", p.Name, "namespace", p.Namespace) + logger := c.logger.With("prometheus", p.Name, "namespace", p.Namespace) promVersion := operator.StringValOrDefault(p.GetCommonPrometheusFields().Version, operator.DefaultPrometheusVersion) promRuleSelector, err := operator.NewPrometheusRuleSelector(operator.PrometheusFormat, promVersion, p.Spec.RuleSelector, nsLabeler, c.ruleInfs, c.eventRecorder, logger) @@ -97,8 +89,7 @@ func (c *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, p *monitori equal := reflect.DeepEqual(newRules, currentRules) if equal && len(currentConfigMaps) != 0 { - level.Debug(c.logger).Log( - "msg", "no PrometheusRule changes", + c.logger.Debug("no PrometheusRule changes", "namespace", p.Namespace, "prometheus", p.Name, ) @@ -125,8 +116,7 @@ func (c *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, p *monitori } if len(currentConfigMaps) == 0 { - level.Debug(c.logger).Log( - "msg", "no PrometheusRule configmap found, creating new one", + c.logger.Debug("no PrometheusRule configmap found, creating new one", "namespace", p.Namespace, "prometheus", p.Name, ) @@ -148,8 +138,7 @@ func (c *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, p *monitori } } - level.Debug(c.logger).Log( - "msg", "updating PrometheusRule", + c.logger.Debug("updating PrometheusRule", "namespace", p.Namespace, "prometheus", p.Name, ) @@ -185,8 +174,7 @@ func (c *Operator) selectRuleNamespaces(p *monitoringv1.Prometheus) ([]string, e } } - level.Debug(c.logger).Log( - "msg", "selected RuleNamespaces", + c.logger.Debug("selected RuleNamespaces", "namespaces", strings.Join(namespaces, ","), "namespace", p.Namespace, "prometheus", p.Name, @@ -204,15 +192,6 @@ func (c *Operator) selectRuleNamespaces(p *monitoringv1.Prometheus) ([]string, e // simplicity should be sufficient. // [1] https://en.wikipedia.org/wiki/Bin_packing_problem#First-fit_algorithm func makeRulesConfigMaps(p *monitoringv1.Prometheus, ruleFiles map[string]string, opts ...operator.ObjectOption) ([]v1.ConfigMap, error) { - //check if none of the rule files is too large for a single ConfigMap - for filename, file := range ruleFiles { - if len(file) > maxConfigMapDataSize { - return nil, fmt.Errorf( - "rule file '%v' is too large for a single Kubernetes ConfigMap", - filename, - ) - } - } buckets := []map[string]string{ {}, @@ -221,15 +200,9 @@ func makeRulesConfigMaps(p *monitoringv1.Prometheus, ruleFiles map[string]string // To make bin packing algorithm deterministic, sort ruleFiles filenames and // iterate over filenames instead of ruleFiles map (not deterministic). - fileNames := []string{} - for n := range ruleFiles { - fileNames = append(fileNames, n) - } - sort.Strings(fileNames) - - for _, filename := range fileNames { + for _, filename := range util.SortedKeys(ruleFiles) { // If rule file doesn't fit into current bucket, create new bucket. - if bucketSize(buckets[currBucketIndex])+len(ruleFiles[filename]) > maxConfigMapDataSize { + if bucketSize(buckets[currBucketIndex])+len(ruleFiles[filename]) > operator.MaxConfigMapDataSize { buckets = append(buckets, map[string]string{}) currBucketIndex++ } diff --git a/pkg/prometheus/server/rules_test.go b/pkg/prometheus/server/rules_test.go index edabef100d7..8afb82968d6 100644 --- a/pkg/prometheus/server/rules_test.go +++ b/pkg/prometheus/server/rules_test.go @@ -18,15 +18,15 @@ import ( "strings" "testing" - v1 "k8s.io/api/core/v1" + "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) func TestMakeRulesConfigMaps(t *testing.T) { t.Run("ShouldReturnAtLeastOneConfigMap", shouldReturnAtLeastOneConfigMap) - t.Run("ShouldErrorOnTooLargeRuleFile", shouldErrorOnTooLargeRuleFile) t.Run("ShouldSplitUpLargeSmallIntoTwo", shouldSplitUpLargeSmallIntoTwo) } @@ -38,43 +38,21 @@ func shouldReturnAtLeastOneConfigMap(t *testing.T) { ruleFiles := map[string]string{} configMaps, err := makeRulesConfigMaps(&monitoringv1.Prometheus{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, ruleFiles) - if err != nil { - t.Fatalf("expected no error but got: %v", err.Error()) - } + require.NoError(t, err) - if len(configMaps) != 1 { - t.Fatalf("expected one ConfigMaps but got %v", len(configMaps)) - } -} - -func shouldErrorOnTooLargeRuleFile(t *testing.T) { - expectedError := "rule file 'my-rule-file' is too large for a single Kubernetes ConfigMap" - ruleFiles := map[string]string{} - - ruleFiles["my-rule-file"] = strings.Repeat("a", v1.MaxSecretSize+1) - - _, err := makeRulesConfigMaps(&monitoringv1.Prometheus{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, ruleFiles) - if err == nil || err.Error() != expectedError { - t.Fatalf("expected makeRulesConfigMaps to return error '%v' but got '%v'", expectedError, err) - } + require.Len(t, configMaps, 1, "expected one ConfigMaps but got %v", len(configMaps)) } func shouldSplitUpLargeSmallIntoTwo(t *testing.T) { ruleFiles := map[string]string{} - ruleFiles["first"] = strings.Repeat("a", maxConfigMapDataSize) + ruleFiles["first"] = strings.Repeat("a", operator.MaxConfigMapDataSize) ruleFiles["second"] = "a" configMaps, err := makeRulesConfigMaps(&monitoringv1.Prometheus{ObjectMeta: metav1.ObjectMeta{Name: "test"}}, ruleFiles) - if err != nil { - t.Fatalf("expected no error but got: %v", err) - } + require.NoError(t, err) - if len(configMaps) != 2 { - t.Fatalf("expected rule files to be split up into two ConfigMaps, but got '%v' instead", len(configMaps)) - } + require.Len(t, configMaps, 2, "expected rule files to be split up into two ConfigMaps, but got '%v' instead", len(configMaps)) - if configMaps[0].Data["first"] != ruleFiles["first"] || configMaps[1].Data["second"] != ruleFiles["second"] { - t.Fatal("expected ConfigMap data to match rule file content") - } + require.False(t, (configMaps[0].Data["first"] != ruleFiles["first"] || configMaps[1].Data["second"] != ruleFiles["second"]), "expected ConfigMap data to match rule file content") } diff --git a/pkg/prometheus/server/statefulset.go b/pkg/prometheus/server/statefulset.go index d6ebef65f3d..588b7b98e0b 100644 --- a/pkg/prometheus/server/statefulset.go +++ b/pkg/prometheus/server/statefulset.go @@ -17,7 +17,7 @@ package prometheus import ( "fmt" "path" - "strings" + "path/filepath" "github.com/blang/semver/v4" appsv1 "k8s.io/api/apps/v1" @@ -86,18 +86,8 @@ func makeStatefulSetService(p *monitoringv1.Prometheus, config prompkg.Config) * func makeStatefulSet( name string, - p monitoringv1.PrometheusInterface, - baseImage, tag, sha string, - retention monitoringv1.Duration, - retentionSize monitoringv1.ByteSize, - rules monitoringv1.Rules, - query *monitoringv1.QuerySpec, - allowOverlappingBlocks bool, - enableAdminAPI bool, - queryLogFile string, - thanos *monitoringv1.ThanosSpec, - disableCompaction bool, - config *prompkg.Config, + p *monitoringv1.Prometheus, + config prompkg.Config, cg *prompkg.ConfigGenerator, ruleConfigMapNames []string, inputHash string, @@ -116,34 +106,18 @@ func makeStatefulSet( // We need to re-set the common fields because cpf is only a copy of the original object. // We set some defaults if some fields are not present, and we want those fields set in the original Prometheus object before building the StatefulSetSpec. p.SetCommonPrometheusFields(cpf) - spec, err := makeStatefulSetSpec(baseImage, tag, sha, retention, retentionSize, rules, query, allowOverlappingBlocks, enableAdminAPI, queryLogFile, thanos, disableCompaction, p, config, cg, shard, ruleConfigMapNames, tlsSecrets) + spec, err := makeStatefulSetSpec(p, config, cg, shard, ruleConfigMapNames, tlsSecrets) if err != nil { return nil, fmt.Errorf("make StatefulSet spec: %w", err) } - annotations := map[string]string{ - prompkg.SSetInputHashName: inputHash, - } - - // do not transfer kubectl annotations to the statefulset so it is not - // pruned by kubectl - for key, value := range objMeta.GetAnnotations() { - if key != prompkg.SSetInputHashName && !strings.HasPrefix(key, "kubectl.kubernetes.io/") { - annotations[key] = value - } - } - - labels := make(map[string]string) - for key, value := range objMeta.GetLabels() { - labels[key] = value - } - statefulset := &appsv1.StatefulSet{Spec: *spec} operator.UpdateObject( statefulset, operator.WithName(name), - operator.WithAnnotations(annotations), + operator.WithInputHashAnnotation(inputHash), + operator.WithAnnotations(objMeta.GetAnnotations()), operator.WithAnnotations(config.Annotations), operator.WithLabels(objMeta.GetLabels()), operator.WithLabels(map[string]string{ @@ -153,36 +127,40 @@ func makeStatefulSet( }), operator.WithLabels(config.Labels), operator.WithManagingOwner(p), + operator.WithoutKubectlAnnotations(), ) - if cpf.ImagePullSecrets != nil && len(cpf.ImagePullSecrets) > 0 { + if len(cpf.ImagePullSecrets) > 0 { statefulset.Spec.Template.Spec.ImagePullSecrets = cpf.ImagePullSecrets } + storageSpec := cpf.Storage - if storageSpec == nil { + switch { + case storageSpec == nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ EmptyDir: &v1.EmptyDirVolumeSource{}, }, }) - } else if storageSpec.EmptyDir != nil { - emptyDir := storageSpec.EmptyDir + + case storageSpec.EmptyDir != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ - EmptyDir: emptyDir, + EmptyDir: storageSpec.EmptyDir, }, }) - } else if storageSpec.Ephemeral != nil { - ephemeral := storageSpec.Ephemeral + + case storageSpec.Ephemeral != nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: prompkg.VolumeName(p), VolumeSource: v1.VolumeSource{ - Ephemeral: ephemeral, + Ephemeral: storageSpec.Ephemeral, }, }) - } else { + + default: // storageSpec.VolumeClaimTemplate pvcTemplate := operator.MakeVolumeClaimTemplate(storageSpec.VolumeClaimTemplate) if pvcTemplate.Name == "" { pvcTemplate.Name = prompkg.VolumeName(p) @@ -203,26 +181,12 @@ func makeStatefulSet( statefulset.Spec.PersistentVolumeClaimRetentionPolicy = cpf.PersistentVolumeClaimRetentionPolicy } - if cpf.HostNetwork { - statefulset.Spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet - } - return statefulset, nil } func makeStatefulSetSpec( - baseImage, tag, sha string, - retention monitoringv1.Duration, - retentionSize monitoringv1.ByteSize, - rules monitoringv1.Rules, - query *monitoringv1.QuerySpec, - allowOverlappingBlocks bool, - enableAdminAPI bool, - queryLogFile string, - thanos *monitoringv1.ThanosSpec, - disableCompaction bool, - p monitoringv1.PrometheusInterface, - c *prompkg.Config, + p *monitoringv1.Prometheus, + c prompkg.Config, cg *prompkg.ConfigGenerator, shard int32, ruleConfigMapNames []string, @@ -232,23 +196,26 @@ func makeStatefulSetSpec( pImagePath, err := operator.BuildImagePath( ptr.Deref(cpf.Image, ""), - operator.StringValOrDefault(baseImage, c.PrometheusDefaultBaseImage), - operator.StringValOrDefault(cpf.Version, operator.DefaultPrometheusVersion), - operator.StringValOrDefault(tag, ""), - operator.StringValOrDefault(sha, ""), + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + operator.StringValOrDefault(p.Spec.BaseImage, c.PrometheusDefaultBaseImage), + "v"+cg.Version().String(), + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + operator.StringValOrDefault(p.Spec.Tag, ""), + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + operator.StringValOrDefault(p.Spec.SHA, ""), ) if err != nil { return nil, err } - promArgs := prompkg.BuildCommonPrometheusArgs(cpf, cg) - promArgs = appendServerArgs(promArgs, cg, retention, retentionSize, rules, query, allowOverlappingBlocks, enableAdminAPI, cpf.WALCompression) + promArgs := buildServerArgs(cg, p) - volumes, promVolumeMounts, err := prompkg.BuildCommonVolumes(p, tlsSecrets) + volumes, promVolumeMounts, err := prompkg.BuildCommonVolumes(p, tlsSecrets, true) if err != nil { return nil, err } - volumes, promVolumeMounts = appendServerVolumes(volumes, promVolumeMounts, queryLogFile, ruleConfigMapNames) + + volumes, promVolumeMounts = appendServerVolumes(p, volumes, promVolumeMounts, ruleConfigMapNames) configReloaderVolumeMounts := prompkg.CreateConfigReloaderVolumeMounts() @@ -279,9 +246,9 @@ func makeStatefulSetSpec( webConfigGenerator.Warn("web.config.file") } - startupProbe, readinessProbe, livenessProbe := prompkg.MakeProbes(cpf, webConfigGenerator) + startupProbe, readinessProbe, livenessProbe := cg.BuildProbes() - podAnnotations, podLabels := prompkg.BuildPodMetadata(cpf, cg) + podAnnotations, podLabels := cg.BuildPodMetadata() // In cases where an existing selector label is modified, or a new one is added, new sts cannot match existing pods. // We should try to avoid removing such immutable fields whenever possible since doing // so forces us to enter the 'recreate cycle' and can potentially lead to downtime. @@ -298,23 +265,36 @@ func makeStatefulSetSpec( var additionalContainers, operatorInitContainers []v1.Container - thanosContainer, err := createThanosContainer(&disableCompaction, p, thanos, c) + thanosContainer, thanosVolumes, err := createThanosContainer(p, c) if err != nil { return nil, err } + if thanosContainer != nil { additionalContainers = append(additionalContainers, *thanosContainer) + volumes = append(volumes, thanosVolumes...) } - if disableCompaction { + if compactionDisabled(p) { thanosBlockDuration := "2h" - if thanos != nil { - thanosBlockDuration = operator.StringValOrDefault(string(thanos.BlockDuration), thanosBlockDuration) + if p.Spec.Thanos != nil { + thanosBlockDuration = operator.StringValOrDefault(string(p.Spec.Thanos.BlockDuration), thanosBlockDuration) } promArgs = append(promArgs, monitoringv1.Argument{Name: "storage.tsdb.max-block-duration", Value: thanosBlockDuration}) promArgs = append(promArgs, monitoringv1.Argument{Name: "storage.tsdb.min-block-duration", Value: thanosBlockDuration}) } + // ref: https://github.com/prometheus-operator/prometheus-operator/issues/6829 + // automatically set --no-storage.tsdb.allow-overlapping-compaction when all the conditions are met: + // 1. Prometheus >= v2.55.0 + // 2. Thanos sidecar configured for uploading blocks to object storage + // 3. out-of-order window is > 0 + if cpf.TSDB != nil && cpf.TSDB.OutOfOrderTimeWindow != nil && + compactionDisabled(p) && + cg.WithMinimumVersion("2.55.0").IsCompatible() { + promArgs = append(promArgs, monitoringv1.Argument{Name: "storage.tsdb.allow-overlapping-compaction"}) + } + var watchedDirectories []string if len(ruleConfigMapNames) != 0 { @@ -354,6 +334,12 @@ func makeStatefulSetSpec( return nil, err } + var envVars []v1.EnvVar + // For higher Prometheus version its set with runtime field in configuration + if p.Spec.Runtime != nil && p.Spec.Runtime.GoGC != nil && !cg.WithMinimumVersion("2.53.0").IsCompatible() { + envVars = append(envVars, v1.EnvVar{Name: "GOGC", Value: fmt.Sprintf("%d", *p.Spec.Runtime.GoGC)}) + } + operatorContainers := append([]v1.Container{ { Name: "prometheus", @@ -361,6 +347,7 @@ func makeStatefulSetSpec( ImagePullPolicy: cpf.ImagePullPolicy, Ports: prompkg.MakeContainerPorts(cpf), Args: containerArgs, + Env: envVars, VolumeMounts: promVolumeMounts, StartupProbe: startupProbe, LivenessProbe: livenessProbe, @@ -391,11 +378,11 @@ func makeStatefulSetSpec( return nil, fmt.Errorf("failed to merge containers spec: %w", err) } - // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 - // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - return &appsv1.StatefulSetSpec{ - ServiceName: governingServiceName, - Replicas: cpf.Replicas, + spec := appsv1.StatefulSetSpec{ + ServiceName: governingServiceName, + Replicas: cpf.Replicas, + // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 + // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations PodManagementPolicy: appsv1.ParallelPodManagement, UpdateStrategy: appsv1.StatefulSetUpdateStrategy{ Type: appsv1.RollingUpdateStatefulSetStrategyType, @@ -429,39 +416,40 @@ func makeStatefulSetSpec( HostNetwork: cpf.HostNetwork, }, }, - }, nil + } + + if cpf.HostNetwork { + spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet + } + k8sutil.UpdateDNSPolicy(&spec.Template.Spec, cpf.DNSPolicy) + k8sutil.UpdateDNSConfig(&spec.Template.Spec, cpf.DNSConfig) + + return &spec, nil } -// appendServerArgs appends arguments that are only valid for the Prometheus server. -func appendServerArgs( - promArgs []monitoringv1.Argument, - cg *prompkg.ConfigGenerator, - retention monitoringv1.Duration, - retentionSize monitoringv1.ByteSize, - rules monitoringv1.Rules, - query *monitoringv1.QuerySpec, - allowOverlappingBlocks, - enableAdminAPI bool, - walCompression *bool, -) []monitoringv1.Argument { +// buildServerArgs returns the CLI arguments that are only valid for the Prometheus server. +func buildServerArgs(cg *prompkg.ConfigGenerator, p *monitoringv1.Prometheus) []monitoringv1.Argument { var ( + promArgs = cg.BuildCommonPrometheusArgs() retentionTimeFlagName = "storage.tsdb.retention.time" - retentionTimeFlagValue = string(retention) + retentionTimeFlagValue = string(p.Spec.Retention) ) + if cg.WithMaximumVersion("2.7.0").IsCompatible() { retentionTimeFlagName = "storage.tsdb.retention" - if retention == "" { + if p.Spec.Retention == "" { retentionTimeFlagValue = defaultRetention } - } else if retention == "" && retentionSize == "" { + } else if p.Spec.Retention == "" && p.Spec.RetentionSize == "" { retentionTimeFlagValue = defaultRetention } if retentionTimeFlagValue != "" { promArgs = append(promArgs, monitoringv1.Argument{Name: retentionTimeFlagName, Value: retentionTimeFlagValue}) } - if retentionSize != "" { - retentionSizeFlag := monitoringv1.Argument{Name: "storage.tsdb.retention.size", Value: string(retentionSize)} + + if p.Spec.RetentionSize != "" { + retentionSizeFlag := monitoringv1.Argument{Name: "storage.tsdb.retention.size", Value: string(p.Spec.RetentionSize)} promArgs = cg.WithMinimumVersion("2.7.0").AppendCommandlineArgument(promArgs, retentionSizeFlag) } @@ -469,10 +457,11 @@ func appendServerArgs( monitoringv1.Argument{Name: "storage.tsdb.path", Value: prompkg.StorageDir}, ) - if enableAdminAPI { + if p.Spec.EnableAdminAPI { promArgs = append(promArgs, monitoringv1.Argument{Name: "web.enable-admin-api"}) } + rules := p.Spec.Rules if rules.Alert.ForOutageTolerance != "" { promArgs = cg.WithMinimumVersion("2.4.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "rules.alert.for-outage-tolerance", Value: rules.Alert.ForOutageTolerance}) } @@ -483,6 +472,7 @@ func appendServerArgs( promArgs = cg.WithMinimumVersion("2.4.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "rules.alert.resend-delay", Value: rules.Alert.ResendDelay}) } + query := p.Spec.Query if query != nil { if query.LookbackDelta != nil { promArgs = append(promArgs, monitoringv1.Argument{Name: "query.lookback-delta", Value: *query.LookbackDelta}) @@ -501,23 +491,25 @@ func appendServerArgs( } } - if allowOverlappingBlocks { + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + if p.Spec.AllowOverlappingBlocks { promArgs = cg.WithMinimumVersion("2.11.0").WithMaximumVersion("2.39.0").AppendCommandlineArgument(promArgs, monitoringv1.Argument{Name: "storage.tsdb.allow-overlapping-blocks"}) } - if walCompression != nil { + if p.Spec.WALCompression != nil { arg := monitoringv1.Argument{Name: "no-storage.tsdb.wal-compression"} - if *walCompression { + if *p.Spec.WALCompression { arg.Name = "storage.tsdb.wal-compression" } promArgs = cg.WithMinimumVersion("2.11.0").AppendCommandlineArgument(promArgs, arg) } + return promArgs } // appendServerVolumes returns a set of volumes to be mounted on the statefulset spec that are specific to Prometheus Server. -func appendServerVolumes(volumes []v1.Volume, volumeMounts []v1.VolumeMount, queryLogFile string, ruleConfigMapNames []string) ([]v1.Volume, []v1.VolumeMount) { - if volume, ok := queryLogFileVolume(queryLogFile); ok { +func appendServerVolumes(p *monitoringv1.Prometheus, volumes []v1.Volume, volumeMounts []v1.VolumeMount, ruleConfigMapNames []string) ([]v1.Volume, []v1.VolumeMount) { + if volume, ok := queryLogFileVolume(p.Spec.QueryLogFile); ok { volumes = append(volumes, volume) } @@ -541,181 +533,196 @@ func appendServerVolumes(volumes []v1.Volume, volumeMounts []v1.VolumeMount, que }) } - if vmount, ok := queryLogFileVolumeMount(queryLogFile); ok { + if vmount, ok := queryLogFileVolumeMount(p.Spec.QueryLogFile); ok { volumeMounts = append(volumeMounts, vmount) } return volumes, volumeMounts } -func createThanosContainer( - disableCompaction *bool, - p monitoringv1.PrometheusInterface, - thanos *monitoringv1.ThanosSpec, - c *prompkg.Config, -) (*v1.Container, error) { - var container *v1.Container - cpf := p.GetCommonPrometheusFields() +func createThanosContainer(p *monitoringv1.Prometheus, c prompkg.Config) (*v1.Container, []v1.Volume, error) { + if p.Spec.Thanos == nil { + return nil, nil, nil + } - if thanos != nil { - thanosImage, err := operator.BuildImagePath( - ptr.Deref(thanos.Image, ""), - ptr.Deref(thanos.BaseImage, c.ThanosDefaultBaseImage), - ptr.Deref(thanos.Version, operator.DefaultThanosVersion), - ptr.Deref(thanos.Tag, ""), - ptr.Deref(thanos.SHA, ""), - ) - if err != nil { - return nil, fmt.Errorf("failed to build image path: %w", err) - } + var ( + container *v1.Container + cpf = p.GetCommonPrometheusFields() + thanos = p.Spec.Thanos + ) - var grpcBindAddress, httpBindAddress string - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - if thanos.ListenLocal || thanos.GRPCListenLocal { - grpcBindAddress = "127.0.0.1" - } + thanosImage, err := operator.BuildImagePath( + ptr.Deref(thanos.Image, ""), + ptr.Deref(thanos.BaseImage, c.ThanosDefaultBaseImage), + ptr.Deref(thanos.Version, operator.DefaultThanosVersion), + ptr.Deref(thanos.Tag, ""), + ptr.Deref(thanos.SHA, ""), + ) + if err != nil { + return nil, nil, fmt.Errorf("failed to build image path: %w", err) + } - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - if thanos.ListenLocal || thanos.HTTPListenLocal { - httpBindAddress = "127.0.0.1" - } + var grpcBindAddress, httpBindAddress string + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + if thanos.ListenLocal || thanos.GRPCListenLocal { + grpcBindAddress = "127.0.0.1" + } - thanosArgs := []monitoringv1.Argument{ - {Name: "prometheus.url", Value: fmt.Sprintf("%s://%s:9090%s", cpf.PrometheusURIScheme(), c.LocalHost, path.Clean(cpf.WebRoutePrefix()))}, - {Name: "grpc-address", Value: fmt.Sprintf("%s:10901", grpcBindAddress)}, - {Name: "http-address", Value: fmt.Sprintf("%s:10902", httpBindAddress)}, - } + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + if thanos.ListenLocal || thanos.HTTPListenLocal { + httpBindAddress = "127.0.0.1" + } - if thanos.GRPCServerTLSConfig != nil { - tls := thanos.GRPCServerTLSConfig - if tls.CertFile != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-cert", Value: tls.CertFile}) - } - if tls.KeyFile != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-key", Value: tls.KeyFile}) - } - if tls.CAFile != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-client-ca", Value: tls.CAFile}) - } + thanosArgs := []monitoringv1.Argument{ + {Name: "prometheus.url", Value: fmt.Sprintf("%s://%s:9090%s", cpf.PrometheusURIScheme(), c.LocalHost, path.Clean(cpf.WebRoutePrefix()))}, + {Name: "grpc-address", Value: fmt.Sprintf("%s:10901", grpcBindAddress)}, + {Name: "http-address", Value: fmt.Sprintf("%s:10902", httpBindAddress)}, + } + + if thanos.GRPCServerTLSConfig != nil { + tls := thanos.GRPCServerTLSConfig + if tls.CertFile != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-cert", Value: tls.CertFile}) + } + if tls.KeyFile != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-key", Value: tls.KeyFile}) } + if tls.CAFile != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "grpc-server-tls-client-ca", Value: tls.CAFile}) + } + } - container = &v1.Container{ - Name: "thanos-sidecar", - Image: thanosImage, - ImagePullPolicy: cpf.ImagePullPolicy, - TerminationMessagePolicy: v1.TerminationMessageFallbackToLogsOnError, - SecurityContext: &v1.SecurityContext{ - AllowPrivilegeEscalation: ptr.To(false), - ReadOnlyRootFilesystem: ptr.To(true), - Capabilities: &v1.Capabilities{ - Drop: []v1.Capability{"ALL"}, - }, + container = &v1.Container{ + Name: "thanos-sidecar", + Image: thanosImage, + ImagePullPolicy: cpf.ImagePullPolicy, + TerminationMessagePolicy: v1.TerminationMessageFallbackToLogsOnError, + SecurityContext: &v1.SecurityContext{ + AllowPrivilegeEscalation: ptr.To(false), + ReadOnlyRootFilesystem: ptr.To(true), + Capabilities: &v1.Capabilities{ + Drop: []v1.Capability{"ALL"}, }, - Ports: []v1.ContainerPort{ - { - Name: "http", - ContainerPort: 10902, - }, - { - Name: "grpc", - ContainerPort: 10901, - }, + }, + Ports: []v1.ContainerPort{ + { + Name: "http", + ContainerPort: 10902, }, - Resources: thanos.Resources, - } + { + Name: "grpc", + ContainerPort: 10901, + }, + }, + Resources: thanos.Resources, + } + + for _, thanosSideCarVM := range thanos.VolumeMounts { + container.VolumeMounts = append(container.VolumeMounts, v1.VolumeMount{ + Name: thanosSideCarVM.Name, + MountPath: thanosSideCarVM.MountPath, + }) + } - for _, thanosSideCarVM := range thanos.VolumeMounts { - container.VolumeMounts = append(container.VolumeMounts, v1.VolumeMount{ - Name: thanosSideCarVM.Name, - MountPath: thanosSideCarVM.MountPath, + if thanos.ObjectStorageConfig != nil || thanos.ObjectStorageConfigFile != nil { + if thanos.ObjectStorageConfigFile != nil { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "objstore.config-file", Value: *thanos.ObjectStorageConfigFile}) + } else { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "objstore.config", Value: "$(OBJSTORE_CONFIG)"}) + container.Env = append(container.Env, v1.EnvVar{ + Name: "OBJSTORE_CONFIG", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: thanos.ObjectStorageConfig, + }, }) } - if thanos.ObjectStorageConfig != nil || thanos.ObjectStorageConfigFile != nil { - if thanos.ObjectStorageConfigFile != nil { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "objstore.config-file", Value: *thanos.ObjectStorageConfigFile}) - } else { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "objstore.config", Value: "$(OBJSTORE_CONFIG)"}) - container.Env = append(container.Env, v1.EnvVar{ - Name: "OBJSTORE_CONFIG", - ValueFrom: &v1.EnvVarSource{ - SecretKeyRef: thanos.ObjectStorageConfig, - }, - }) - } - - volName := prompkg.VolumeClaimName(p, cpf) - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tsdb.path", Value: prompkg.StorageDir}) - container.VolumeMounts = append( - container.VolumeMounts, - v1.VolumeMount{ - Name: volName, - MountPath: prompkg.StorageDir, - SubPath: prompkg.SubPathForStorage(cpf.Storage), - }, - ) + volName := prompkg.VolumeClaimName(p, cpf) + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tsdb.path", Value: prompkg.StorageDir}) + container.VolumeMounts = append( + container.VolumeMounts, + v1.VolumeMount{ + Name: volName, + MountPath: prompkg.StorageDir, + SubPath: prompkg.SubPathForStorage(cpf.Storage), + }, + ) + } - // NOTE(bwplotka): As described in https://thanos.io/components/sidecar.md/ we have to turn off compaction of Prometheus - // to avoid races during upload, if the uploads are configured. - *disableCompaction = true + if thanos.TracingConfig != nil || len(thanos.TracingConfigFile) > 0 { + if len(thanos.TracingConfigFile) > 0 { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tracing.config-file", Value: thanos.TracingConfigFile}) + } else { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tracing.config", Value: "$(TRACING_CONFIG)"}) + container.Env = append(container.Env, v1.EnvVar{ + Name: "TRACING_CONFIG", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: thanos.TracingConfig, + }, + }) } + } - if thanos.TracingConfig != nil || len(thanos.TracingConfigFile) > 0 { - if len(thanos.TracingConfigFile) > 0 { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tracing.config-file", Value: thanos.TracingConfigFile}) - } else { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "tracing.config", Value: "$(TRACING_CONFIG)"}) - container.Env = append(container.Env, v1.EnvVar{ - Name: "TRACING_CONFIG", - ValueFrom: &v1.EnvVarSource{ - SecretKeyRef: thanos.TracingConfig, - }, - }) - } - } + if thanos.LogLevel != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.level", Value: thanos.LogLevel}) + } else if cpf.LogLevel != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.level", Value: cpf.LogLevel}) + } + if thanos.LogFormat != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.format", Value: thanos.LogFormat}) + } else if cpf.LogFormat != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.format", Value: cpf.LogFormat}) + } - if thanos.LogLevel != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.level", Value: thanos.LogLevel}) - } else if cpf.LogLevel != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.level", Value: cpf.LogLevel}) - } - if thanos.LogFormat != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.format", Value: thanos.LogFormat}) - } else if cpf.LogFormat != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "log.format", Value: cpf.LogFormat}) - } + if thanos.MinTime != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "min-time", Value: thanos.MinTime}) + } - if thanos.MinTime != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "min-time", Value: thanos.MinTime}) - } + if thanos.ReadyTimeout != "" { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.ready_timeout", Value: string(thanos.ReadyTimeout)}) + } - if thanos.ReadyTimeout != "" { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.ready_timeout", Value: string(thanos.ReadyTimeout)}) - } + thanosVersion, err := semver.ParseTolerant(ptr.Deref(thanos.Version, operator.DefaultThanosVersion)) + if err != nil { + return nil, nil, fmt.Errorf("failed to parse Thanos version: %w", err) + } - thanosVersion, err := semver.ParseTolerant(ptr.Deref(thanos.Version, operator.DefaultThanosVersion)) - if err != nil { - return nil, fmt.Errorf("failed to parse Thanos version: %w", err) - } + if thanos.GetConfigTimeout != "" && thanosVersion.GTE(semver.MustParse("0.29.0")) { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.get_config_timeout", Value: string(thanos.GetConfigTimeout)}) + } + if thanos.GetConfigInterval != "" && thanosVersion.GTE(semver.MustParse("0.29.0")) { + thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.get_config_interval", Value: string(thanos.GetConfigInterval)}) + } - if thanos.GetConfigTimeout != "" && thanosVersion.GTE(semver.MustParse("0.29.0")) { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.get_config_timeout", Value: string(thanos.GetConfigTimeout)}) - } - if thanos.GetConfigInterval != "" && thanosVersion.GTE(semver.MustParse("0.29.0")) { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.get_config_interval", Value: string(thanos.GetConfigInterval)}) - } - if thanosVersion.GTE(semver.MustParse(thanosSupportedVersionHTTPClientFlag)) { - thanosArgs = append(thanosArgs, monitoringv1.Argument{Name: "prometheus.http-client", Value: `{"tls_config": {"insecure_skip_verify":true}}`}) - } + // set prometheus.http-client-config + // ref: https://thanos.io/tip/components/sidecar.md/#prometheus-http-client + var volumes []v1.Volume + if thanosVersion.GTE(semver.MustParse(thanosSupportedVersionHTTPClientFlag)) { + thanosArgs = append(thanosArgs, monitoringv1.Argument{ + Name: "prometheus.http-client-file", + Value: filepath.Join(thanosConfigDir, thanosPrometheusHTTPClientConfigFileName), + }) + container.VolumeMounts = append(container.VolumeMounts, v1.VolumeMount{ + Name: thanosPrometheusHTTPClientConfigSecretNameSuffix, + MountPath: thanosConfigDir, + }) + volumes = append(volumes, v1.Volume{ + Name: thanosPrometheusHTTPClientConfigSecretNameSuffix, + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: thanosPrometheusHTTPClientConfigSecretName(p), + }, + }, + }) + } - containerArgs, err := operator.BuildArgs(thanosArgs, thanos.AdditionalArgs) - if err != nil { - return nil, err - } - container.Args = append([]string{"sidecar"}, containerArgs...) + containerArgs, err := operator.BuildArgs(thanosArgs, thanos.AdditionalArgs) + if err != nil { + return nil, nil, err } + container.Args = append([]string{"sidecar"}, containerArgs...) - return container, nil + return container, volumes, nil } func queryLogFileVolumeMount(queryLogFile string) (v1.VolumeMount, bool) { @@ -742,3 +749,13 @@ func queryLogFileVolume(queryLogFile string) (v1.Volume, bool) { }, }, true } + +func compactionDisabled(p *monitoringv1.Prometheus) bool { + // NOTE(bwplotka): As described in https://thanos.io/components/sidecar.md/ + // we have to turn off compaction of Prometheus if export to object + // storage is configured to avoid races during uploads. + return p.Spec.DisableCompaction || + (p.Spec.Thanos != nil && + (p.Spec.Thanos.ObjectStorageConfig != nil || + p.Spec.Thanos.ObjectStorageConfigFile != nil)) +} diff --git a/pkg/prometheus/server/statefulset_test.go b/pkg/prometheus/server/statefulset_test.go index 863b37a2356..63158131a4e 100644 --- a/pkg/prometheus/server/statefulset_test.go +++ b/pkg/prometheus/server/statefulset_test.go @@ -38,7 +38,7 @@ import ( prompkg "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" ) -var defaultTestConfig = &prompkg.Config{ +var defaultTestConfig = prompkg.Config{ LocalHost: "localhost", ReloaderConfig: operator.DefaultReloaderTestConfig.ReloaderConfig, PrometheusDefaultBaseImage: operator.DefaultPrometheusBaseImage, @@ -48,7 +48,7 @@ var defaultTestConfig = &prompkg.Config{ func makeStatefulSetFromPrometheus(p monitoringv1.Prometheus) (*appsv1.StatefulSet, error) { logger := prompkg.NewLogger() - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) if err != nil { return nil, err } @@ -56,18 +56,6 @@ func makeStatefulSetFromPrometheus(p monitoringv1.Prometheus) (*appsv1.StatefulS return makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, defaultTestConfig, cg, nil, @@ -118,20 +106,9 @@ func TestStatefulSetLabelingAndAnnotations(t *testing.T) { }) require.NoError(t, err) - if !reflect.DeepEqual(expectedStatefulSetLabels, sset.Labels) { - t.Log(pretty.Compare(expectedStatefulSetLabels, sset.Labels)) - t.Fatal("Labels are not properly being propagated to the StatefulSet") - } - - if !reflect.DeepEqual(expectedStatefulSetAnnotations, sset.Annotations) { - t.Log(pretty.Compare(expectedStatefulSetAnnotations, sset.Annotations)) - t.Fatal("Annotations are not properly being propagated to the StatefulSet") - } - - if !reflect.DeepEqual(expectedPodLabels, sset.Spec.Template.ObjectMeta.Labels) { - t.Log(pretty.Compare(expectedPodLabels, sset.Spec.Template.ObjectMeta.Labels)) - t.Fatal("Labels are not properly being propagated to the Pod") - } + require.Equalf(t, expectedStatefulSetLabels, sset.Labels, "Labels are not properly being propagated to the StatefulSet\n%s", pretty.Compare(expectedStatefulSetLabels, sset.Labels)) + require.Equalf(t, expectedStatefulSetAnnotations, sset.Annotations, "Annotations are not properly being propagated to the StatefulSet\n%s", pretty.Compare(expectedStatefulSetAnnotations, sset.Annotations)) + require.Equalf(t, expectedPodLabels, sset.Spec.Template.ObjectMeta.Labels, "Labels are not properly being propagated to the Pod\n%s", pretty.Compare(expectedPodLabels, sset.Spec.Template.ObjectMeta.Labels)) } func TestPodLabelsAnnotations(t *testing.T) { @@ -155,12 +132,11 @@ func TestPodLabelsAnnotations(t *testing.T) { }) require.NoError(t, err) - if val, ok := sset.Spec.Template.ObjectMeta.Labels["testlabel"]; !ok || val != "testvalue" { - t.Fatal("Pod labels are not properly propagated") - } - if val, ok := sset.Spec.Template.ObjectMeta.Annotations["testannotation"]; !ok || val != "testvalue" { - t.Fatal("Pod annotations are not properly propagated") - } + valLabel := sset.Spec.Template.ObjectMeta.Labels["testlabel"] + require.Equal(t, "testvalue", valLabel, "Pod labels are not properly propagated") + + valAnnotation := sset.Spec.Template.ObjectMeta.Annotations["testannotation"] + require.Equal(t, "testvalue", valAnnotation, "Pod annotations are not properly propagated") } func TestPodLabelsShouldNotBeSelectorLabels(t *testing.T) { @@ -179,9 +155,7 @@ func TestPodLabelsShouldNotBeSelectorLabels(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Selector.MatchLabels["testlabel"] == "testvalue" { - t.Fatal("Pod Selector are not properly propagated") - } + require.NotEqual(t, "testvalue", sset.Spec.Selector.MatchLabels["testlabel"], "Pod Selector are not properly propagated") } func TestStatefulSetPVC(t *testing.T) { @@ -220,9 +194,7 @@ func TestStatefulSetPVC(t *testing.T) { require.NoError(t, err) ssetPvc := sset.Spec.VolumeClaimTemplates[0] - if !reflect.DeepEqual(*pvc.Spec.StorageClassName, *ssetPvc.Spec.StorageClassName) { - t.Fatal("Error adding PVC Spec to StatefulSetSpec") - } + require.Equal(t, *pvc.Spec.StorageClassName, *ssetPvc.Spec.StorageClassName, "Error adding PVC Spec to StatefulSetSpec") } func TestStatefulSetEmptyDir(t *testing.T) { @@ -253,9 +225,8 @@ func TestStatefulSetEmptyDir(t *testing.T) { require.NoError(t, err) ssetVolumes := sset.Spec.Template.Spec.Volumes - if ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir == nil || !reflect.DeepEqual(emptyDir.Medium, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir.Medium) { - t.Fatal("Error adding EmptyDir Spec to StatefulSetSpec") - } + require.NotNil(t, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir, "Error adding EmptyDir Spec to StatefulSetSpec") + require.Equal(t, emptyDir.Medium, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir.Medium, "Error adding EmptyDir Spec to StatefulSetSpec") } func TestStatefulSetEphemeral(t *testing.T) { @@ -293,10 +264,8 @@ func TestStatefulSetEphemeral(t *testing.T) { require.NoError(t, err) ssetVolumes := sset.Spec.Template.Spec.Volumes - if ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral == nil || - !reflect.DeepEqual(ephemeral.VolumeClaimTemplate.Spec.StorageClassName, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.StorageClassName) { - t.Fatal("Error adding Ephemeral Spec to StatefulSetSpec") - } + require.NotNil(t, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral, "Error adding Ephemeral Spec to StatefulSetSpec") + require.Equal(t, ephemeral.VolumeClaimTemplate.Spec.StorageClassName, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.StorageClassName, "Error adding Ephemeral Spec to StatefulSetSpec") } func TestStatefulSetVolumeInitial(t *testing.T) { @@ -434,7 +403,7 @@ func TestStatefulSetVolumeInitial(t *testing.T) { logger := prompkg.NewLogger() - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) shardedSecret, err := operator.ReconcileShardedSecret( @@ -453,18 +422,6 @@ func TestStatefulSetVolumeInitial(t *testing.T) { sset, err := makeStatefulSet( "volume-init-test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, defaultTestConfig, cg, []string{"rules-configmap-one"}, @@ -473,15 +430,8 @@ func TestStatefulSetVolumeInitial(t *testing.T) { shardedSecret) require.NoError(t, err) - if !reflect.DeepEqual(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes) { - fmt.Println(pretty.Compare(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes)) - t.Fatal("expected volumes to match") - } - - if !reflect.DeepEqual(expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts) { - fmt.Println(pretty.Compare(expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts)) - t.Fatal("expected volume mounts to match") - } + require.Equalf(t, expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes, "expected volumes to match \n%s", pretty.Compare(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes)) + require.Equalf(t, expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts, "expected volume mounts to match \n%s", pretty.Compare(expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts)) } func TestAdditionalConfigMap(t *testing.T) { @@ -500,9 +450,7 @@ func TestAdditionalConfigMap(t *testing.T) { cmVolumeFound = true } } - if !cmVolumeFound { - t.Fatal("ConfigMap volume not found") - } + require.True(t, cmVolumeFound, "ConfigMap volume not found") cmMounted := false for _, v := range sset.Spec.Template.Spec.Containers[0].VolumeMounts { @@ -510,9 +458,7 @@ func TestAdditionalConfigMap(t *testing.T) { cmMounted = true } } - if !cmMounted { - t.Fatal("ConfigMap volume not mounted") - } + require.True(t, cmMounted, "ConfigMap volume not mounted") } func TestListenLocal(t *testing.T) { @@ -532,9 +478,7 @@ func TestListenLocal(t *testing.T) { } } - if !found { - t.Fatal("Prometheus not listening on loopback when it should.") - } + require.True(t, found, "Prometheus not listening on loopback when it should.") expectedProbeHandler := func(probePath string) v1.ProbeHandler { return v1.ProbeHandler{ @@ -555,9 +499,7 @@ func TestListenLocal(t *testing.T) { PeriodSeconds: 15, FailureThreshold: 60, } - if !reflect.DeepEqual(actualStartupProbe, expectedStartupProbe) { - t.Fatalf("Startup probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedStartupProbe, actualStartupProbe) - } + require.Equal(t, expectedStartupProbe, actualStartupProbe, "Startup probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedStartupProbe, actualStartupProbe) actualLivenessProbe := sset.Spec.Template.Spec.Containers[0].LivenessProbe expectedLivenessProbe := &v1.Probe{ @@ -566,9 +508,7 @@ func TestListenLocal(t *testing.T) { PeriodSeconds: 5, FailureThreshold: 6, } - if !reflect.DeepEqual(actualLivenessProbe, expectedLivenessProbe) { - t.Fatalf("Liveness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedLivenessProbe, actualLivenessProbe) - } + require.Equal(t, expectedLivenessProbe, actualLivenessProbe, "Liveness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedLivenessProbe, actualLivenessProbe) actualReadinessProbe := sset.Spec.Template.Spec.Containers[0].ReadinessProbe expectedReadinessProbe := &v1.Probe{ @@ -577,13 +517,9 @@ func TestListenLocal(t *testing.T) { PeriodSeconds: 5, FailureThreshold: 3, } - if !reflect.DeepEqual(actualReadinessProbe, expectedReadinessProbe) { - t.Fatalf("Readiness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedReadinessProbe, actualReadinessProbe) - } + require.Equal(t, expectedReadinessProbe, actualReadinessProbe, "Readiness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedReadinessProbe, actualReadinessProbe) - if len(sset.Spec.Template.Spec.Containers[0].Ports) != 0 { - t.Fatal("Prometheus container should have 0 ports defined") - } + require.Empty(t, sset.Spec.Template.Spec.Containers[0].Ports, "Prometheus container should have 0 ports defined") } func TestListenTLS(t *testing.T) { @@ -631,9 +567,7 @@ func TestListenTLS(t *testing.T) { PeriodSeconds: 15, FailureThreshold: 60, } - if !reflect.DeepEqual(actualStartupProbe, expectedStartupProbe) { - t.Fatalf("Startup probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedStartupProbe, actualStartupProbe) - } + require.Equal(t, expectedStartupProbe, actualStartupProbe, "Startup probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedStartupProbe, actualStartupProbe) actualLivenessProbe := sset.Spec.Template.Spec.Containers[0].LivenessProbe expectedLivenessProbe := &v1.Probe{ @@ -642,9 +576,7 @@ func TestListenTLS(t *testing.T) { PeriodSeconds: 5, FailureThreshold: 6, } - if !reflect.DeepEqual(actualLivenessProbe, expectedLivenessProbe) { - t.Fatalf("Liveness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedLivenessProbe, actualLivenessProbe) - } + require.Equal(t, expectedLivenessProbe, actualLivenessProbe, "Liveness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedLivenessProbe, actualLivenessProbe) actualReadinessProbe := sset.Spec.Template.Spec.Containers[0].ReadinessProbe expectedReadinessProbe := &v1.Probe{ @@ -653,9 +585,7 @@ func TestListenTLS(t *testing.T) { PeriodSeconds: 5, FailureThreshold: 3, } - if !reflect.DeepEqual(actualReadinessProbe, expectedReadinessProbe) { - t.Fatalf("Readiness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedReadinessProbe, actualReadinessProbe) - } + require.Equal(t, expectedReadinessProbe, actualReadinessProbe, "Readiness probe doesn't match expected. \n\nExpected: %+v\n\nGot: %+v", expectedReadinessProbe, actualReadinessProbe) expectedConfigReloaderReloadURL := "--reload-url=https://localhost:9090/-/reload" reloadURLFound := false @@ -664,9 +594,7 @@ func TestListenTLS(t *testing.T) { reloadURLFound = true } } - if !reloadURLFound { - t.Fatalf("expected to find arg %s in config reloader", expectedConfigReloaderReloadURL) - } + require.True(t, reloadURLFound, "expected to find arg %s in config reloader", expectedConfigReloaderReloadURL) expectedThanosSidecarPrometheusURL := "--prometheus.url=https://localhost:9090/" prometheusURLFound := false @@ -675,9 +603,7 @@ func TestListenTLS(t *testing.T) { prometheusURLFound = true } } - if !prometheusURLFound { - t.Fatalf("expected to find arg %s in thanos sidecar", expectedThanosSidecarPrometheusURL) - } + require.True(t, prometheusURLFound, "expected to find arg %s in thanos sidecar", expectedThanosSidecarPrometheusURL) fmt.Println(sset.Spec.Template.Spec.Containers[2].Args) @@ -691,9 +617,7 @@ func TestListenTLS(t *testing.T) { for _, c := range sset.Spec.Template.Spec.Containers { if c.Name == "config-reloader" { - if !reflect.DeepEqual(c.Args, expectedArgsConfigReloader) { - t.Fatalf("expected container args are %s, but found %s", expectedArgsConfigReloader, c.Args) - } + require.Equal(t, expectedArgsConfigReloader, c.Args, "expected container args are %s, but found %s", expectedArgsConfigReloader, c.Args) } } } @@ -712,9 +636,7 @@ func TestTagAndShaAndVersion(t *testing.T) { image := sset.Spec.Template.Spec.Containers[0].Image expected := "quay.io/prometheus/prometheus:my-unrelated-tag" - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } { sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ @@ -730,9 +652,7 @@ func TestTagAndShaAndVersion(t *testing.T) { image := sset.Spec.Template.Spec.Containers[0].Image expected := "quay.io/prometheus/prometheus@sha256:7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb324" - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } // For tests which set monitoringv1.PrometheusSpec.Image, the result will be Image only. SHA, Tag, Version are not considered. { @@ -751,9 +671,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus:latest" @@ -771,9 +689,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Explicit image should have precedence. Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Explicit image should have precedence. Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus" @@ -789,9 +705,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus" @@ -808,9 +722,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus" @@ -825,9 +737,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus" @@ -843,9 +753,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := image - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "" @@ -861,9 +769,7 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := "quay.io/prometheus/prometheus:my-unrelated-tag" - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } { image := "my-reg/prometheus@sha256:7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb325" @@ -880,14 +786,12 @@ func TestTagAndShaAndVersion(t *testing.T) { resultImage := sset.Spec.Template.Spec.Containers[0].Image expected := "my-reg/prometheus@sha256:7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb325" - if resultImage != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) - } + require.Equal(t, expected, resultImage, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, resultImage) } } func TestPrometheusDefaultBaseImageFlag(t *testing.T) { - operatorConfig := &prompkg.Config{ + operatorConfig := prompkg.Config{ ReloaderConfig: defaultTestConfig.ReloaderConfig, PrometheusDefaultBaseImage: "nondefaultuseflag/quay.io/prometheus/prometheus", ThanosDefaultBaseImage: "nondefaultuseflag/quay.io/thanos/thanos", @@ -907,24 +811,12 @@ func TestPrometheusDefaultBaseImageFlag(t *testing.T) { }, } - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, operatorConfig, cg, nil, @@ -935,13 +827,11 @@ func TestPrometheusDefaultBaseImageFlag(t *testing.T) { image := sset.Spec.Template.Spec.Containers[0].Image expected := "nondefaultuseflag/quay.io/prometheus/prometheus" + ":" + operator.DefaultPrometheusVersion - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } func TestThanosDefaultBaseImageFlag(t *testing.T) { - thanosBaseImageConfig := &prompkg.Config{ + thanosBaseImageConfig := prompkg.Config{ ReloaderConfig: defaultTestConfig.ReloaderConfig, PrometheusDefaultBaseImage: "nondefaultuseflag/quay.io/prometheus/prometheus", ThanosDefaultBaseImage: "nondefaultuseflag/quay.io/thanos/thanos", @@ -963,24 +853,12 @@ func TestThanosDefaultBaseImageFlag(t *testing.T) { }, } - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, thanosBaseImageConfig, cg, nil, @@ -991,9 +869,7 @@ func TestThanosDefaultBaseImageFlag(t *testing.T) { image := sset.Spec.Template.Spec.Containers[2].Image expected := "nondefaultuseflag/quay.io/thanos/thanos" + ":" + operator.DefaultThanosVersion - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } func TestThanosTagAndShaAndVersion(t *testing.T) { @@ -1012,9 +888,7 @@ func TestThanosTagAndShaAndVersion(t *testing.T) { image := sset.Spec.Template.Spec.Containers[2].Image expected := "quay.io/thanos/thanos:my-unrelated-tag" - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } { thanosSHA := "7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb324" @@ -1033,9 +907,7 @@ func TestThanosTagAndShaAndVersion(t *testing.T) { image := sset.Spec.Template.Spec.Containers[2].Image expected := "quay.io/thanos/thanos@sha256:7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb324" - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } { thanosSHA := "7384a79f4b4991bf8269e7452390249b7c70bcdd10509c8c1c6c6e30e32fb324" @@ -1056,9 +928,7 @@ func TestThanosTagAndShaAndVersion(t *testing.T) { image := sset.Spec.Template.Spec.Containers[2].Image expected := "my-registry/thanos:latest" - if image != expected { - t.Fatalf("Explicit Thanos image should have precedence. Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } + require.Equal(t, expected, image, "Explicit Thanos image should have precedence. Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) } } @@ -1071,9 +941,7 @@ func TestThanosResourcesNotSet(t *testing.T) { require.NoError(t, err) res := sset.Spec.Template.Spec.Containers[2].Resources - if res.Limits != nil || res.Requests != nil { - t.Fatalf("Unexpected resources defined. \n\nExpected: nil\n\nGot: %v, %v", res.Limits, res.Requests) - } + require.False(t, (res.Limits != nil || res.Requests != nil), "Unexpected resources defined. \n\nExpected: nil\n\nGot: %v, %v", res.Limits, res.Requests) } func TestThanosResourcesSet(t *testing.T) { @@ -1097,9 +965,7 @@ func TestThanosResourcesSet(t *testing.T) { require.NoError(t, err) actual := sset.Spec.Template.Spec.Containers[2].Resources - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("Unexpected resources defined. \n\nExpected: %v\n\nGot: %v", expected, actual) - } + require.Equal(t, expected, actual, "Unexpected resources defined. \n\nExpected: %v\n\nGot: %v", expected, actual) } func TestThanosNoObjectStorage(t *testing.T) { @@ -1110,24 +976,15 @@ func TestThanosNoObjectStorage(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != "prometheus" { - t.Fatalf("expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } - - if sset.Spec.Template.Spec.Containers[2].Name != "thanos-sidecar" { - t.Fatalf("expected 3rd container to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) - } + require.Equal(t, "prometheus", sset.Spec.Template.Spec.Containers[0].Name, "expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) + require.Equal(t, "thanos-sidecar", sset.Spec.Template.Spec.Containers[2].Name, "expected 3rd container to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) for _, arg := range sset.Spec.Template.Spec.Containers[0].Args { - if strings.HasPrefix(arg, "--storage.tsdb.max-block-duration=2h") { - t.Fatal("Prometheus compaction should be disabled") - } + require.False(t, strings.HasPrefix(arg, "--storage.tsdb.max-block-duration=2h"), "Prometheus compaction should be disabled") } for _, arg := range sset.Spec.Template.Spec.Containers[2].Args { - if strings.HasPrefix(arg, "--tsdb.path=") { - t.Fatal("--tsdb.path argument should not be given to the Thanos sidecar") - } + require.False(t, strings.HasPrefix(arg, "--tsdb.path="), "--tsdb.path argument should not be given to the Thanos sidecar") } } @@ -1146,13 +1003,8 @@ func TestThanosObjectStorage(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != "prometheus" { - t.Fatalf("expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } - - if sset.Spec.Template.Spec.Containers[2].Name != "thanos-sidecar" { - t.Fatalf("expected 3rd containers to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) - } + require.Equal(t, "prometheus", sset.Spec.Template.Spec.Containers[0].Name, "expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) + require.Equal(t, "thanos-sidecar", sset.Spec.Template.Spec.Containers[2].Name, "expected 3rd containers to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) var containsEnvVar bool for _, env := range sset.Spec.Template.Spec.Containers[2].Env { @@ -1163,9 +1015,7 @@ func TestThanosObjectStorage(t *testing.T) { } } } - if !containsEnvVar { - t.Fatalf("Thanos sidecar is missing expected OBJSTORE_CONFIG env var with correct value") - } + require.True(t, containsEnvVar, "Thanos sidecar is missing expected OBJSTORE_CONFIG env var with correct value") { var containsArg bool @@ -1176,9 +1026,7 @@ func TestThanosObjectStorage(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Thanos sidecar is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg, "Thanos sidecar is missing expected argument: %s", expectedArg) } { var containsArg bool @@ -1189,9 +1037,7 @@ func TestThanosObjectStorage(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Prometheus is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg, "Prometheus is missing expected argument: %s", expectedArg) } { @@ -1202,9 +1048,7 @@ func TestThanosObjectStorage(t *testing.T) { break } } - if !found { - t.Fatalf("--tsdb.path argument should be given to the Thanos sidecar, got %q", strings.Join(sset.Spec.Template.Spec.Containers[3].Args, " ")) - } + require.True(t, found, "--tsdb.path argument should be given to the Thanos sidecar, got %q", strings.Join(sset.Spec.Template.Spec.Containers[2].Args, " ")) } { @@ -1215,9 +1059,7 @@ func TestThanosObjectStorage(t *testing.T) { break } } - if !found { - t.Fatal("Prometheus data volume should be mounted in the Thanos sidecar") - } + require.True(t, found, "Prometheus data volume should be mounted in the Thanos sidecar") } } @@ -1246,9 +1088,7 @@ func TestThanosObjectStorageFile(t *testing.T) { } } } - if !containsArg { - t.Fatalf("Thanos sidecar is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg, "Thanos sidecar is missing expected argument: %s", expectedArg) } { @@ -1264,9 +1104,7 @@ func TestThanosObjectStorageFile(t *testing.T) { } } } - if !containsArg { - t.Fatalf("Prometheus is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg, "Prometheus is missing expected argument: %s", expectedArg) } { @@ -1281,9 +1119,7 @@ func TestThanosObjectStorageFile(t *testing.T) { } } } - if !found { - t.Fatalf("--tsdb.path argument should be given to the Thanos sidecar, got %q", strings.Join(sset.Spec.Template.Spec.Containers[3].Args, " ")) - } + require.True(t, found, "--tsdb.path argument should be given to the Thanos sidecar, got %q", strings.Join(sset.Spec.Template.Spec.Containers[2].Args, " ")) } { @@ -1298,9 +1134,7 @@ func TestThanosObjectStorageFile(t *testing.T) { } } } - if !found { - t.Fatal("Prometheus data volume should be mounted in the Thanos sidecar") - } + require.True(t, found, "Prometheus data volume should be mounted in the Thanos sidecar") } } @@ -1325,9 +1159,7 @@ func TestThanosBlockDuration(t *testing.T) { found = true } } - if !found { - t.Fatal("Thanos BlockDuration arg change not found") - } + require.True(t, found, "Thanos BlockDuration arg change not found") } func TestThanosWithNamedPVC(t *testing.T) { @@ -1388,13 +1220,8 @@ func TestThanosTracing(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != "prometheus" { - t.Fatalf("expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } - - if sset.Spec.Template.Spec.Containers[2].Name != "thanos-sidecar" { - t.Fatalf("expected 3rd containers to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) - } + require.Equal(t, "prometheus", sset.Spec.Template.Spec.Containers[0].Name, "expected 1st containers to be prometheus, got %s", sset.Spec.Template.Spec.Containers[0].Name) + require.Equal(t, "thanos-sidecar", sset.Spec.Template.Spec.Containers[2].Name, "expected 3rd containers to be thanos-sidecar, got %s", sset.Spec.Template.Spec.Containers[2].Name) var containsEnvVar bool for _, env := range sset.Spec.Template.Spec.Containers[2].Env { @@ -1405,9 +1232,7 @@ func TestThanosTracing(t *testing.T) { } } } - if !containsEnvVar { - t.Fatalf("Thanos sidecar is missing expected TRACING_CONFIG env var with correct value") - } + require.True(t, containsEnvVar, "Thanos sidecar is missing expected TRACING_CONFIG env var with correct value") { var containsArg bool @@ -1418,9 +1243,7 @@ func TestThanosTracing(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Thanos sidecar is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg, "Thanos sidecar is missing expected argument: %s", expectedArg) } } @@ -1458,9 +1281,7 @@ func TestThanosSideCarVolumes(t *testing.T) { break } } - if !containsVolume { - t.Fatalf("Thanos sidecar volume is missing expected volume: %s", testVolume) - } + require.True(t, containsVolume, "Thanos sidecar volume is missing expected volume: %s", testVolume) var containsVolumeMount bool for _, container := range sset.Spec.Template.Spec.Containers { @@ -1474,9 +1295,7 @@ func TestThanosSideCarVolumes(t *testing.T) { } } - if !containsVolumeMount { - t.Fatal("expected thanos sidecar volume mounts to match") - } + require.True(t, containsVolumeMount, "expected thanos sidecar volume mounts to match") } func TestRetentionAndRetentionSize(t *testing.T) { @@ -1499,7 +1318,7 @@ func TestRetentionAndRetentionSize(t *testing.T) { {"v2.7.0", "1d", "512MB", "--storage.tsdb.retention.time=1d", "--storage.tsdb.retention.size=512MB", true, true}, } - for i, test := range tests { + for _, test := range tests { sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ Spec: monitoringv1.PrometheusSpec{ CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ @@ -1531,26 +1350,18 @@ func TestRetentionAndRetentionSize(t *testing.T) { } } - if foundRetention != test.shouldContainRetention || foundRetentionFlag != test.shouldContainRetention { - if test.shouldContainRetention { - t.Fatalf("test %d, expected Prometheus args to contain %v, but got %v", i, test.expectedRetentionArg, promArgs) - } else { - t.Fatalf("test %d, expected Prometheus args to NOT contain %v, but got %v", i, test.expectedRetentionArg, promArgs) - } + if test.shouldContainRetention { + require.True(t, (foundRetention && foundRetentionFlag)) } - if foundRetentionSize != test.shouldContainRetentionSize || foundRetentionSizeFlag != test.shouldContainRetentionSize { - if test.shouldContainRetentionSize { - t.Fatalf("test %d, expected Prometheus args to contain %v, but got %v", i, test.expectedRetentionSizeArg, promArgs) - } else { - t.Fatalf("test %d, expected Prometheus args to NOT contain %v, but got %v", i, test.expectedRetentionSizeArg, promArgs) - } + if test.shouldContainRetentionSize { + require.True(t, (foundRetentionSize && foundRetentionSizeFlag)) } } } func TestReplicasConfigurationWithSharding(t *testing.T) { - testConfig := &prompkg.Config{ + testConfig := prompkg.Config{ ReloaderConfig: defaultTestConfig.ReloaderConfig, PrometheusDefaultBaseImage: "quay.io/prometheus/prometheus", ThanosDefaultBaseImage: "quay.io/thanos/thanos:v0.7.0", @@ -1567,24 +1378,12 @@ func TestReplicasConfigurationWithSharding(t *testing.T) { }, } - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, testConfig, cg, nil, @@ -1593,9 +1392,7 @@ func TestReplicasConfigurationWithSharding(t *testing.T) { &operator.ShardedSecret{}) require.NoError(t, err) - if *sset.Spec.Replicas != int32(2) { - t.Fatal("Unexpected replicas configuration.") - } + require.Equal(t, int32(2), *sset.Spec.Replicas, "Unexpected replicas configuration.") found := false for _, c := range sset.Spec.Template.Spec.Containers { @@ -1607,14 +1404,12 @@ func TestReplicasConfigurationWithSharding(t *testing.T) { } } } - if !found { - t.Fatal("Shard.") - } + require.True(t, found, "Shard.") } func TestSidecarResources(t *testing.T) { operator.TestSidecarsResources(t, func(reloaderConfig operator.ContainerConfig) *appsv1.StatefulSet { - testConfig := &prompkg.Config{ + testConfig := prompkg.Config{ ReloaderConfig: reloaderConfig, PrometheusDefaultBaseImage: defaultTestConfig.PrometheusDefaultBaseImage, ThanosDefaultBaseImage: defaultTestConfig.ThanosDefaultBaseImage, @@ -1624,24 +1419,12 @@ func TestSidecarResources(t *testing.T) { Spec: monitoringv1.PrometheusSpec{}, } - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, testConfig, cg, nil, @@ -1672,9 +1455,7 @@ func TestAdditionalContainers(t *testing.T) { }) require.NoError(t, err) - if len(baseSet.Spec.Template.Spec.Containers)+1 != len(addSset.Spec.Template.Spec.Containers) { - t.Fatalf("container count mismatch") - } + require.Len(t, addSset.Spec.Template.Spec.Containers, len(baseSet.Spec.Template.Spec.Containers)+1, "container count mismatch") // Adding a new container with the same name results in a merge and just one container const existingContainerName = "prometheus" @@ -1693,15 +1474,11 @@ func TestAdditionalContainers(t *testing.T) { }) require.NoError(t, err) - if len(baseSet.Spec.Template.Spec.Containers) != len(modSset.Spec.Template.Spec.Containers) { - t.Fatalf("container count mismatch. container %s was added instead of merged", existingContainerName) - } + require.Equal(t, len(baseSet.Spec.Template.Spec.Containers), len(modSset.Spec.Template.Spec.Containers), "container count mismatch. container %s was added instead of merged", existingContainerName) // Check that adding a container with an existing name results in a single patched container. for _, c := range modSset.Spec.Template.Spec.Containers { - if c.Name == existingContainerName && c.Image != containerImage { - t.Fatalf("expected container %s to have the image %s but got %s", existingContainerName, containerImage, c.Image) - } + require.False(t, (c.Name == existingContainerName && c.Image != containerImage), "expected container %s to have the image %s but got %s", existingContainerName, containerImage, c.Image) } } @@ -1747,13 +1524,7 @@ func TestWALCompression(t *testing.T) { } } - if found != test.shouldContain { - if test.shouldContain { - t.Fatalf("expected Prometheus args to contain %v, but got %v", test.expectedArg, promArgs) - } else { - t.Fatalf("expected Prometheus args to NOT contain %v, but got %v", test.expectedArg, promArgs) - } - } + require.Equal(t, test.shouldContain, found) } } @@ -1790,13 +1561,74 @@ func TestTSDBAllowOverlappingBlocks(t *testing.T) { } } - if found != test.shouldContain { - if test.shouldContain { - t.Fatalf("expected Prometheus args to contain %v, but got %v", expectedArg, promArgs) - } else { - t.Fatalf("expected Prometheus args to NOT contain %v, but got %v", expectedArg, promArgs) + require.Equal(t, test.shouldContain, found) + } +} + +func TestTSDBAllowOverlappingCompaction(t *testing.T) { + expectedArg := "--storage.tsdb.allow-overlapping-compaction" + tests := []struct { + name string + version string + outOfOrderTimeWindow monitoringv1.Duration + objectStorageConfigFile *string + shouldContain bool + }{ + { + name: "Prometheus version less than or equal to v2.55.0", + version: "v2.54.0", + shouldContain: false, + }, + { + name: "outOfOrderTimeWindow equal to 0s", + version: "v2.55.0", + shouldContain: false, + }, + { + name: "Thanos is not object storage", + version: "v2.55.0", + outOfOrderTimeWindow: "1s", + objectStorageConfigFile: nil, + shouldContain: false, + }, + { + name: "Verify AllowOverlappingCompaction", + version: "v2.55.0", + outOfOrderTimeWindow: "1s", + objectStorageConfigFile: ptr.To("/etc/thanos.cfg"), + shouldContain: true, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: test.version, + TSDB: &monitoringv1.TSDBSpec{ + OutOfOrderTimeWindow: ptr.To(test.outOfOrderTimeWindow), + }, + }, + Thanos: &monitoringv1.ThanosSpec{ + ListenLocal: true, + ObjectStorageConfigFile: test.objectStorageConfigFile, + }, + }, + }) + require.NoError(t, err) + + promArgs := sset.Spec.Template.Spec.Containers[0].Args + found := false + for _, flag := range promArgs { + if flag == expectedArg { + found = true + break + } } - } + + require.Equal(t, test.shouldContain, found) + }) } } @@ -1857,9 +1689,7 @@ func TestThanosListenLocal(t *testing.T) { } } - if !found { - t.Fatalf("Expecting argument %q but not found in %v", exp, sset.Spec.Template.Spec.Containers[2].Args) - } + require.True(t, found, "Expecting argument %q but not found in %v", exp, sset.Spec.Template.Spec.Containers[2].Args) } }) } @@ -1870,9 +1700,7 @@ func TestTerminationPolicy(t *testing.T) { require.NoError(t, err) for _, c := range sset.Spec.Template.Spec.Containers { - if c.TerminationMessagePolicy != v1.TerminationMessageFallbackToLogsOnError { - t.Fatalf("Unexpected TermintationMessagePolicy. Expected %v got %v", v1.TerminationMessageFallbackToLogsOnError, c.TerminationMessagePolicy) - } + require.Equal(t, v1.TerminationMessageFallbackToLogsOnError, c.TerminationMessagePolicy, "Unexpected TermintationMessagePolicy. Expected %v got %v", v1.TerminationMessageFallbackToLogsOnError, c.TerminationMessagePolicy) } } @@ -1893,9 +1721,7 @@ func TestEnableFeaturesWithOneFeature(t *testing.T) { } } - if !found { - t.Fatal("Prometheus enabled feature is not correctly set.") - } + require.True(t, found, "Prometheus enabled feature is not correctly set.") } func TestEnableFeaturesWithMultipleFeature(t *testing.T) { @@ -1915,9 +1741,7 @@ func TestEnableFeaturesWithMultipleFeature(t *testing.T) { } } - if !found { - t.Fatal("Prometheus enabled features are not correctly set.") - } + require.True(t, found, "Prometheus enabled features are not correctly set.") } func TestWebPageTitle(t *testing.T) { @@ -1940,9 +1764,7 @@ func TestWebPageTitle(t *testing.T) { } } - if !found { - t.Fatal("Prometheus web page title is not correctly set.") - } + require.True(t, found, "Prometheus web page title is not correctly set.") } func TestMaxConnections(t *testing.T) { @@ -1965,9 +1787,7 @@ func TestMaxConnections(t *testing.T) { } } - if !found { - t.Fatal("Prometheus web max connections is not correctly set.") - } + require.True(t, found, "Prometheus web max connections is not correctly set.") } func TestExpectedStatefulSetShardNames(t *testing.T) { @@ -1992,9 +1812,7 @@ func TestExpectedStatefulSetShardNames(t *testing.T) { } for i, name := range expected { - if res[i] != name { - t.Fatal("Unexpected StatefulSet shard name") - } + require.Equal(t, name, res[i], "Unexpected StatefulSet shard name") } } @@ -2005,9 +1823,7 @@ func TestExpectStatefulSetMinReadySeconds(t *testing.T) { require.NoError(t, err) // assert defaults to zero if nil - if sset.Spec.MinReadySeconds != 0 { - t.Fatalf("expected MinReadySeconds to be zero but got %d", sset.Spec.MinReadySeconds) - } + require.Equal(t, int32(0), sset.Spec.MinReadySeconds, "expected MinReadySeconds to be zero but got %d", sset.Spec.MinReadySeconds) var expect uint32 = 5 sset, err = makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ @@ -2019,9 +1835,7 @@ func TestExpectStatefulSetMinReadySeconds(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.MinReadySeconds != int32(expect) { - t.Fatalf("expected MinReadySeconds to be %d but got %d", expect, sset.Spec.MinReadySeconds) - } + require.Equal(t, int32(expect), sset.Spec.MinReadySeconds, "expected MinReadySeconds to be %d but got %d", expect, sset.Spec.MinReadySeconds) } func TestConfigReloader(t *testing.T) { @@ -2029,24 +1843,12 @@ func TestConfigReloader(t *testing.T) { logger := prompkg.NewLogger() p := monitoringv1.Prometheus{} - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, defaultTestConfig, cg, nil, @@ -2064,13 +1866,9 @@ func TestConfigReloader(t *testing.T) { for _, c := range sset.Spec.Template.Spec.Containers { if c.Name == "config-reloader" { - if !reflect.DeepEqual(c.Args, expectedArgsConfigReloader) { - t.Fatalf("expectd container args are %s, but found %s", expectedArgsConfigReloader, c.Args) - } + require.Equal(t, expectedArgsConfigReloader, c.Args, "expectd container args are %s, but found %s", expectedArgsConfigReloader, c.Args) for _, env := range c.Env { - if env.Name == "SHARD" && !reflect.DeepEqual(env.Value, strconv.Itoa(expectedShardNum)) { - t.Fatalf("expectd shard value is %s, but found %s", strconv.Itoa(expectedShardNum), env.Value) - } + require.False(t, (env.Name == "SHARD" && !reflect.DeepEqual(env.Value, strconv.Itoa(expectedShardNum))), "expectd shard value is %s, but found %s", strconv.Itoa(expectedShardNum), env.Value) } } } @@ -2084,13 +1882,9 @@ func TestConfigReloader(t *testing.T) { for _, c := range sset.Spec.Template.Spec.Containers { if c.Name == "init-config-reloader" { - if !reflect.DeepEqual(c.Args, expectedArgsConfigReloader) { - t.Fatalf("expectd init container args are %s, but found %s", expectedArgsInitConfigReloader, c.Args) - } + require.Equal(t, expectedArgsInitConfigReloader, c.Args, "expectd init container args are %s, but found %s", expectedArgsInitConfigReloader, c.Args) for _, env := range c.Env { - if env.Name == "SHARD" && !reflect.DeepEqual(env.Value, strconv.Itoa(expectedShardNum)) { - t.Fatalf("expectd shard value is %s, but found %s", strconv.Itoa(expectedShardNum), env.Value) - } + require.False(t, (env.Name == "SHARD" && !reflect.DeepEqual(env.Value, strconv.Itoa(expectedShardNum))), "expectd shard value is %s, but found %s", strconv.Itoa(expectedShardNum), env.Value) } } } @@ -2107,24 +1901,12 @@ func TestConfigReloaderWithSignal(t *testing.T) { }, } - cg, err := prompkg.NewConfigGenerator(logger, &p, false) + cg, err := prompkg.NewConfigGenerator(logger, &p) require.NoError(t, err) sset, err := makeStatefulSet( "test", &p, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.BaseImage, p.Spec.Tag, p.Spec.SHA, - p.Spec.Retention, - p.Spec.RetentionSize, - p.Spec.Rules, - p.Spec.Query, - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - p.Spec.AllowOverlappingBlocks, - p.Spec.EnableAdminAPI, - p.Spec.QueryLogFile, - p.Spec.Thanos, - p.Spec.DisableCompaction, defaultTestConfig, cg, nil, @@ -2196,9 +1978,7 @@ func TestThanosGetConfigInterval(t *testing.T) { } } - if !found { - t.Fatal("Sidecar get_config_interval is not set when it should.") - } + require.True(t, found, "Sidecar get_config_interval is not set when it should.") } func TestThanosGetConfigTimeout(t *testing.T) { @@ -2222,9 +2002,7 @@ func TestThanosGetConfigTimeout(t *testing.T) { } } - if !found { - t.Fatal("Sidecar get_config_timeout is not set when it should.") - } + require.True(t, found, "Sidecar get_config_timeout is not set when it should.") } func TestThanosReadyTimeout(t *testing.T) { @@ -2248,9 +2026,7 @@ func TestThanosReadyTimeout(t *testing.T) { } } - if !found { - t.Fatal("Sidecar ready timeout not set when it should.") - } + require.True(t, found, "Sidecar ready timeout not set when it should.") } func TestQueryLogFileVolumeMountPresent(t *testing.T) { @@ -2268,9 +2044,7 @@ func TestQueryLogFileVolumeMountPresent(t *testing.T) { } } - if !found { - t.Fatal("Volume for query log file not found.") - } + require.True(t, found, "Volume for query log file not found.") found = false for _, container := range sset.Spec.Template.Spec.Containers { @@ -2283,9 +2057,7 @@ func TestQueryLogFileVolumeMountPresent(t *testing.T) { } } - if !found { - t.Fatal("Query log file not mounted.") - } + require.True(t, found, "Query log file not mounted.") } func TestQueryLogFileVolumeMountNotPresent(t *testing.T) { @@ -2305,9 +2077,7 @@ func TestQueryLogFileVolumeMountNotPresent(t *testing.T) { } } - if found { - t.Fatal("Volume for query log file found, when it shouldn't be.") - } + require.False(t, found, "Volume for query log file found, when it shouldn't be.") found = false for _, container := range sset.Spec.Template.Spec.Containers { @@ -2320,28 +2090,30 @@ func TestQueryLogFileVolumeMountNotPresent(t *testing.T) { } } - if found { - t.Fatal("Query log file mounted, when it shouldn't be.") - } + require.False(t, found, "Query log file mounted, when it shouldn't be.") } -func TestEnableRemoteWriteReceiver(t *testing.T) { +func TestRemoteWriteReceiver(t *testing.T) { for _, tc := range []struct { - version string - enableRemoteWriteReceiver bool + version string + enableRemoteWriteReceiver bool + messageVersions []monitoringv1.RemoteWriteMessageVersion + expectedRemoteWriteReceiverFlag bool + expectedMessageVersions string }{ - // Test lower version where feature not available + // Remote write receiver not supported. { version: "2.32.0", enableRemoteWriteReceiver: true, }, - // Test correct version from which feature available + // Remote write receiver supported starting with v2.33.0. { version: "2.33.0", enableRemoteWriteReceiver: true, expectedRemoteWriteReceiverFlag: true, }, + // Remote write receiver supported but not enabled. { version: "2.33.0", enableRemoteWriteReceiver: false, @@ -2353,29 +2125,67 @@ func TestEnableRemoteWriteReceiver(t *testing.T) { enableRemoteWriteReceiver: true, expectedRemoteWriteReceiverFlag: true, }, + // RemoteWriteMessageVersions not supported. + { + version: "2.53.0", + enableRemoteWriteReceiver: true, + expectedRemoteWriteReceiverFlag: true, + messageVersions: []monitoringv1.RemoteWriteMessageVersion{ + monitoringv1.RemoteWriteMessageVersion2_0, + }, + }, + // RemoteWriteMessageVersions supported and set to one value. + { + version: "2.54.0", + enableRemoteWriteReceiver: true, + messageVersions: []monitoringv1.RemoteWriteMessageVersion{ + monitoringv1.RemoteWriteMessageVersion2_0, + }, + expectedRemoteWriteReceiverFlag: true, + expectedMessageVersions: "io.prometheus.write.v2.Request", + }, + // RemoteWriteMessageVersions supported and set to 2 values. + { + version: "2.54.0", + enableRemoteWriteReceiver: true, + messageVersions: []monitoringv1.RemoteWriteMessageVersion{ + monitoringv1.RemoteWriteMessageVersion1_0, + monitoringv1.RemoteWriteMessageVersion2_0, + }, + expectedRemoteWriteReceiverFlag: true, + expectedMessageVersions: "prometheus.WriteRequest,io.prometheus.write.v2.Request", + }, } { - t.Run(fmt.Sprintf("case %s", tc.version), func(t *testing.T) { - sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ + t.Run(tc.version, func(t *testing.T) { + p := monitoringv1.Prometheus{ Spec: monitoringv1.PrometheusSpec{ CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ - Version: tc.version, - EnableRemoteWriteReceiver: tc.enableRemoteWriteReceiver, + Version: tc.version, + EnableRemoteWriteReceiver: tc.enableRemoteWriteReceiver, + RemoteWriteReceiverMessageVersions: tc.messageVersions, }, }, - }) + } + sset, err := makeStatefulSetFromPrometheus(p) require.NoError(t, err) - found := false + var ( + enabled bool + messageVersions string + ) for _, flag := range sset.Spec.Template.Spec.Containers[0].Args { - if flag == "--web.enable-remote-write-receiver" { - found = true - break + flag = strings.TrimPrefix(flag, "--") + values := strings.Split(flag, "=") + switch values[0] { + case "web.enable-remote-write-receiver": + enabled = true + case "web.remote-write-receiver.accepted-protobuf-messages": + messageVersions = values[1] } } - if found != tc.expectedRemoteWriteReceiverFlag { - t.Fatalf("Expecting Prometheus remote write receiver to be %t, got %t", tc.expectedRemoteWriteReceiverFlag, found) - } + require.Equal(t, tc.expectedRemoteWriteReceiverFlag, enabled) + require.Equal(t, tc.expectedMessageVersions, messageVersions) }) } } @@ -2444,43 +2254,21 @@ func TestPodTemplateConfig(t *testing.T) { }) require.NoError(t, err) - if !reflect.DeepEqual(sset.Spec.Template.Spec.NodeSelector, nodeSelector) { - t.Fatalf("expected node selector to match, want %v, got %v", nodeSelector, sset.Spec.Template.Spec.NodeSelector) - } - if !reflect.DeepEqual(*sset.Spec.Template.Spec.Affinity, affinity) { - t.Fatalf("expected affinity to match, want %v, got %v", affinity, *sset.Spec.Template.Spec.Affinity) - } - if !reflect.DeepEqual(sset.Spec.Template.Spec.Tolerations, tolerations) { - t.Fatalf("expected tolerations to match, want %v, got %v", tolerations, sset.Spec.Template.Spec.Tolerations) - } - if !reflect.DeepEqual(*sset.Spec.Template.Spec.SecurityContext, securityContext) { - t.Fatalf("expected security context to match, want %v, got %v", securityContext, *sset.Spec.Template.Spec.SecurityContext) - } - if sset.Spec.Template.Spec.PriorityClassName != priorityClassName { - t.Fatalf("expected priority class name to match, want %s, got %s", priorityClassName, sset.Spec.Template.Spec.PriorityClassName) - } - if sset.Spec.Template.Spec.ServiceAccountName != serviceAccountName { - t.Fatalf("expected service account name to match, want %s, got %s", serviceAccountName, sset.Spec.Template.Spec.ServiceAccountName) - } - if len(sset.Spec.Template.Spec.HostAliases) != len(hostAliases) { - t.Fatalf("expected length of host aliases to match, want %d, got %d", len(hostAliases), len(sset.Spec.Template.Spec.HostAliases)) - } + require.Equal(t, nodeSelector, sset.Spec.Template.Spec.NodeSelector, "expected node selector to match, want %v, got %v", nodeSelector, sset.Spec.Template.Spec.NodeSelector) + require.Equal(t, affinity, *sset.Spec.Template.Spec.Affinity, "expected affinity to match, want %v, got %v", affinity, *sset.Spec.Template.Spec.Affinity) + require.Equal(t, tolerations, sset.Spec.Template.Spec.Tolerations, "expected tolerations to match, want %v, got %v", tolerations, sset.Spec.Template.Spec.Tolerations) + require.Equal(t, securityContext, *sset.Spec.Template.Spec.SecurityContext, "expected security context to match, want %v, got %v", securityContext, *sset.Spec.Template.Spec.SecurityContext) + require.Equal(t, priorityClassName, sset.Spec.Template.Spec.PriorityClassName, "expected priority class name to match, want %s, got %s", priorityClassName, sset.Spec.Template.Spec.PriorityClassName) + require.Equal(t, serviceAccountName, sset.Spec.Template.Spec.ServiceAccountName, "expected service account name to match, want %s, got %s", serviceAccountName, sset.Spec.Template.Spec.ServiceAccountName) + require.Len(t, sset.Spec.Template.Spec.HostAliases, len(hostAliases), "expected length of host aliases to match, want %d, got %d", len(hostAliases), len(sset.Spec.Template.Spec.HostAliases)) for _, initContainer := range sset.Spec.Template.Spec.InitContainers { - if !reflect.DeepEqual(initContainer.ImagePullPolicy, imagePullPolicy) { - t.Fatalf("expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, sset.Spec.Template.Spec.Containers[0].ImagePullPolicy) - } + require.Equal(t, imagePullPolicy, initContainer.ImagePullPolicy, "expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, initContainer.ImagePullPolicy) } for _, container := range sset.Spec.Template.Spec.Containers { - if !reflect.DeepEqual(container.ImagePullPolicy, imagePullPolicy) { - t.Fatalf("expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, sset.Spec.Template.Spec.Containers[0].ImagePullPolicy) - } - } - if !reflect.DeepEqual(sset.Spec.Template.Spec.ImagePullSecrets, imagePullSecrets) { - t.Fatalf("expected image pull secrets to match, want %s, got %s", imagePullSecrets, sset.Spec.Template.Spec.ImagePullSecrets) - } - if sset.Spec.Template.Spec.HostNetwork != hostNetwork { - t.Fatalf("expected hostNetwork configuration to match but failed") + require.Equal(t, imagePullPolicy, container.ImagePullPolicy, "expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, container.ImagePullPolicy) } + require.Equal(t, imagePullSecrets, sset.Spec.Template.Spec.ImagePullSecrets, "expected image pull secrets to match, want %s, got %s", imagePullSecrets, sset.Spec.Template.Spec.ImagePullSecrets) + require.Equal(t, hostNetwork, sset.Spec.Template.Spec.HostNetwork, "expected hostNetwork configuration to match but failed") } func TestPrometheusAdditionalArgsNoError(t *testing.T) { @@ -2526,9 +2314,7 @@ func TestPrometheusAdditionalArgsNoError(t *testing.T) { require.NoError(t, err) ssetContainerArgs := sset.Spec.Template.Spec.Containers[0].Args - if !reflect.DeepEqual(ssetContainerArgs, expectedPrometheusArgs) { - t.Fatalf("expected Prometheus container args to match, want %s, got %s", expectedPrometheusArgs, ssetContainerArgs) - } + require.Equal(t, expectedPrometheusArgs, ssetContainerArgs, "expected Prometheus container args to match, want %s, got %s", expectedPrometheusArgs, ssetContainerArgs) } func TestPrometheusAdditionalArgsDuplicate(t *testing.T) { @@ -2559,8 +2345,60 @@ func TestPrometheusAdditionalArgsDuplicate(t *testing.T) { }) require.Error(t, err) - if !strings.Contains(err.Error(), expectedErrorMsg) { - t.Fatalf("expected the following text to be present in the error msg: %s", expectedErrorMsg) + require.Contains(t, err.Error(), expectedErrorMsg, "expected the following text to be present in the error msg: %s", expectedErrorMsg) +} + +func TestRuntimeGOGCEnvVar(t *testing.T) { + for _, tc := range []struct { + scenario string + version string + gogc *int32 + expectedEnvVar bool + }{ + { + scenario: "Prometheus < 2.53.0", + version: "v2.51.2", + gogc: ptr.To(int32(50)), + expectedEnvVar: true, + }, + { + scenario: "Prometheus > 2.53.0", + version: "v2.54.0", + gogc: ptr.To(int32(50)), + expectedEnvVar: false, + }, + } { + t.Run(fmt.Sprintf("case %s", tc.scenario), func(t *testing.T) { + ss, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: tc.version, + }, + Runtime: &monitoringv1.RuntimeConfig{ + GoGC: tc.gogc, + }, + }, + }) + + var containsEnvVar bool + for _, env := range ss.Spec.Template.Spec.Containers[0].Env { + if env.Name == "GOGC" { + if env.Value == fmt.Sprintf("%d", *tc.gogc) { + containsEnvVar = true + break + } + } + } + + require.NoError(t, err) + if tc.expectedEnvVar { + require.True(t, containsEnvVar, "Prometheus is missing expected GOGC env var with correct value") + } + + if !tc.expectedEnvVar { + require.False(t, containsEnvVar, "Prometheus didn't expect GOGC env var for this version of Prometheus") + } + }) } } @@ -2591,9 +2429,7 @@ func TestPrometheusAdditionalBinaryArgsDuplicate(t *testing.T) { }) require.Error(t, err) - if !strings.Contains(err.Error(), expectedErrorMsg) { - t.Fatalf("expected the following text to be present in the error msg: %s", expectedErrorMsg) - } + require.Contains(t, err.Error(), expectedErrorMsg, "expected the following text to be present in the error msg: %s", expectedErrorMsg) } func TestPrometheusAdditionalNoPrefixArgsDuplicate(t *testing.T) { @@ -2626,9 +2462,7 @@ func TestPrometheusAdditionalNoPrefixArgsDuplicate(t *testing.T) { }) require.Error(t, err) - if !strings.Contains(err.Error(), expectedErrorMsg) { - t.Fatalf("expected the following text to be present in the error msg: %s", expectedErrorMsg) - } + require.Contains(t, err.Error(), expectedErrorMsg, "expected the following text to be present in the error msg: %s", expectedErrorMsg) } func TestThanosAdditionalArgsNoError(t *testing.T) { @@ -2638,7 +2472,7 @@ func TestThanosAdditionalArgsNoError(t *testing.T) { "--grpc-address=:10901", "--http-address=:10902", "--log.level=info", - `--prometheus.http-client={"tls_config": {"insecure_skip_verify":true}}`, + "--prometheus.http-client-file=/etc/thanos/config/prometheus.http-client-file.yaml", "--reloader.watch-interval=5m", } @@ -2669,9 +2503,7 @@ func TestThanosAdditionalArgsNoError(t *testing.T) { require.NoError(t, err) ssetContainerArgs := sset.Spec.Template.Spec.Containers[2].Args - if !reflect.DeepEqual(ssetContainerArgs, expectedThanosArgs) { - t.Fatalf("expected Thanos container args to match, want %s, got %s", expectedThanosArgs, ssetContainerArgs) - } + require.Equal(t, expectedThanosArgs, ssetContainerArgs, "expected Thanos container args to match, want %s, got %s", expectedThanosArgs, ssetContainerArgs) } func TestThanosAdditionalArgsDuplicate(t *testing.T) { @@ -2703,9 +2535,7 @@ func TestThanosAdditionalArgsDuplicate(t *testing.T) { }) require.Error(t, err) - if !strings.Contains(err.Error(), expectedErrorMsg) { - t.Fatalf("expected the following text to be present in the error msg: %s", expectedErrorMsg) - } + require.Contains(t, err.Error(), expectedErrorMsg, "expected the following text to be present in the error msg: %s", expectedErrorMsg) } func TestPrometheusQuerySpec(t *testing.T) { @@ -2819,15 +2649,11 @@ func TestPrometheusQuerySpec(t *testing.T) { } if expected == "" { - if containerArg != "" { - t.Fatalf("found %q while not expected", containerArg) - } + require.Equal(t, "", containerArg, "found %q while not expected", containerArg) continue } - if containerArg != expected { - t.Fatalf("expected %q to be found but got %q", expected, containerArg) - } + require.Equal(t, expected, containerArg, "expected %q to be found but got %q", expected, containerArg) } }) } @@ -2865,22 +2691,13 @@ func TestSecurityContextCapabilities(t *testing.T) { if tc.spec.Thanos != nil { exp++ } - if len(sset.Spec.Template.Spec.Containers) != exp { - t.Fatalf("Expecting %d containers, got %d", exp, len(sset.Spec.Template.Spec.Containers)) - } + require.Len(t, sset.Spec.Template.Spec.Containers, exp, "Expecting %d containers, got %d", exp, len(sset.Spec.Template.Spec.Containers)) for _, c := range sset.Spec.Template.Spec.Containers { - if len(c.SecurityContext.Capabilities.Add) != 0 { - t.Fatalf("Expecting 0 added capabilities, got %d", len(c.SecurityContext.Capabilities.Add)) - } - - if len(c.SecurityContext.Capabilities.Drop) != 1 { - t.Fatalf("Expecting 1 dropped capabilities, got %d", len(c.SecurityContext.Capabilities.Drop)) - } + require.Empty(t, c.SecurityContext.Capabilities.Add, "Expecting 0 added capabilities, got %d", len(c.SecurityContext.Capabilities.Add)) + require.Len(t, c.SecurityContext.Capabilities.Drop, 1, "Expecting 1 dropped capabilities, got %d", len(c.SecurityContext.Capabilities.Drop)) - if string(c.SecurityContext.Capabilities.Drop[0]) != "ALL" { - t.Fatalf("Expecting ALL dropped capability, got %s", c.SecurityContext.Capabilities.Drop[0]) - } + require.Equal(t, "ALL", string(c.SecurityContext.Capabilities.Drop[0]), "Expecting ALL dropped capability, got %s", c.SecurityContext.Capabilities.Drop[0]) } }) } @@ -2898,13 +2715,8 @@ func TestPodHostNetworkConfig(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Template.Spec.HostNetwork != hostNetwork { - t.Fatalf("expected hostNetwork configuration to match but failed") - } - - if sset.Spec.Template.Spec.DNSPolicy != v1.DNSClusterFirstWithHostNet { - t.Fatalf("expected DNSPolicy configuration to match due to hostNetwork but failed") - } + require.Equal(t, hostNetwork, sset.Spec.Template.Spec.HostNetwork, "expected hostNetwork configuration to match but failed") + require.Equal(t, v1.DNSClusterFirstWithHostNet, sset.Spec.Template.Spec.DNSPolicy, "expected DNSPolicy configuration to match due to hostNetwork but failed") } func TestPersistentVolumeClaimRetentionPolicy(t *testing.T) { @@ -2921,13 +2733,8 @@ func TestPersistentVolumeClaimRetentionPolicy(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted != appsv1.DeletePersistentVolumeClaimRetentionPolicyType { - t.Fatalf("expected persistentVolumeClaimDeletePolicy.WhenDeleted to be %s but got %s", appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) - } - - if sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled != appsv1.DeletePersistentVolumeClaimRetentionPolicyType { - t.Fatalf("expected persistentVolumeClaimDeletePolicy.WhenScaled to be %s but got %s", appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) - } + require.Equal(t, appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted, "expected persistentVolumeClaimDeletePolicy.WhenDeleted to be %s but got %s", appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) + require.Equal(t, appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled, "expected persistentVolumeClaimDeletePolicy.WhenScaled to be %s but got %s", appsv1.DeletePersistentVolumeClaimRetentionPolicyType, sset.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) } func TestPodTopologySpreadConstraintWithAdditionalLabels(t *testing.T) { @@ -3141,9 +2948,42 @@ func TestIfThanosVersionDontHaveHttpClientFlag(t *testing.T) { require.NoError(t, err) for _, c := range sset.Spec.Template.Spec.Containers { for _, arg := range c.Args { - if strings.Contains(arg, "http-client") { - t.Fatalf("Expecting http-client flag to not be present in Thanos sidecar") - } + require.NotContains(t, arg, "http-client", "Expecting http-client flag to not be present in Thanos sidecar") + } + } + }) + } +} + +func TestThanosWithPrometheusHTTPClientConfigFile(t *testing.T) { + version := "0.24.0" + + for _, tc := range []struct { + name string + spec monitoringv1.PrometheusSpec + }{ + { + name: "thanos sidecar with prometheus.http-client-file", + spec: monitoringv1.PrometheusSpec{ + Thanos: &monitoringv1.ThanosSpec{ + Version: &version, + }, + }, + }, + } { + t.Run(tc.name, func(t *testing.T) { + p := monitoringv1.Prometheus{Spec: tc.spec} + sset, err := makeStatefulSetFromPrometheus(p) + require.NoError(t, err) + for _, v := range sset.Spec.Template.Spec.Volumes { + if v.Name == thanosPrometheusHTTPClientConfigSecretNameSuffix { + require.Equal(t, v.VolumeSource.Secret.SecretName, thanosPrometheusHTTPClientConfigSecretName(&p)) + } + } + for _, c := range sset.Spec.Template.Spec.Containers { + if c.Name == "thanos-sidecar" { + require.NotEmpty(t, c.VolumeMounts) + require.Equal(t, thanosPrometheusHTTPClientConfigSecretNameSuffix, c.VolumeMounts[0].Name) } } }) @@ -3183,12 +3023,91 @@ func TestAutomountServiceAccountToken(t *testing.T) { }) require.NoError(t, err) - if sset.Spec.Template.Spec.AutomountServiceAccountToken == nil { - t.Fatalf("expected automountServiceAccountToken to be set") + require.NotNil(t, sset.Spec.Template.Spec.AutomountServiceAccountToken, "expected automountServiceAccountToken to be set") + + require.Equal(t, tc.expectedValue, *sset.Spec.Template.Spec.AutomountServiceAccountToken, "expected automountServiceAccountToken to be %v", tc.expectedValue) + }) + } +} + +func TestDNSPolicyAndDNSConfig(t *testing.T) { + tests := []struct { + name string + dnsPolicy v1.DNSPolicy + dnsConfig *v1.PodDNSConfig + expectedDNSPolicy v1.DNSPolicy + expectedDNSConfig *v1.PodDNSConfig + }{ + { + name: "Default DNSPolicy and DNSConfig", + dnsPolicy: v1.DNSClusterFirst, + dnsConfig: nil, + expectedDNSPolicy: v1.DNSClusterFirst, + expectedDNSConfig: nil, + }, + { + name: "Custom DNSPolicy", + dnsPolicy: v1.DNSDefault, + dnsConfig: nil, + expectedDNSPolicy: v1.DNSDefault, + expectedDNSConfig: nil, + }, + { + name: "Custom DNSConfig", + dnsPolicy: v1.DNSClusterFirst, + dnsConfig: &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.svc.cluster.local"}, + }, + expectedDNSPolicy: v1.DNSClusterFirst, + expectedDNSConfig: &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.svc.cluster.local"}, + }, + }, + { + name: "Custom DNS Policy with Search Domains", + dnsPolicy: v1.DNSDefault, + dnsConfig: &v1.PodDNSConfig{ + Searches: []string{"kitsos.com", "kitsos.org"}, + }, + expectedDNSPolicy: v1.DNSDefault, + expectedDNSConfig: &v1.PodDNSConfig{ + Searches: []string{"kitsos.com", "kitsos.org"}, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(test.dnsPolicy)) + + var monitoringDNSConfig *monitoringv1.PodDNSConfig + if test.dnsConfig != nil { + monitoringDNSConfig = &monitoringv1.PodDNSConfig{ + Nameservers: test.dnsConfig.Nameservers, + Searches: test.dnsConfig.Searches, + } } - if *sset.Spec.Template.Spec.AutomountServiceAccountToken != tc.expectedValue { - t.Fatalf("expected automountServiceAccountToken to be %v", tc.expectedValue) + sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: monitoringDNSConfig, + }, + }, + }) + require.NoError(t, err) + + require.Equal(t, test.expectedDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected DNSPolicy to match, want %v, got %v", test.expectedDNSPolicy, sset.Spec.Template.Spec.DNSPolicy) + if test.expectedDNSConfig != nil { + require.NotNil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNSConfig to be set") + require.Equal(t, test.expectedDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers, "expected DNSConfig Nameservers to match, want %v, got %v", test.expectedDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers) + require.Equal(t, test.expectedDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches, "expected DNSConfig Searches to match, want %v, got %v", test.expectedDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches) + } else { + require.Nil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNSConfig to be nil") } }) } diff --git a/pkg/prometheus/server/thanos_sidecar_config.go b/pkg/prometheus/server/thanos_sidecar_config.go new file mode 100644 index 00000000000..59ec351b589 --- /dev/null +++ b/pkg/prometheus/server/thanos_sidecar_config.go @@ -0,0 +1,67 @@ +// Copyright 2020 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package prometheus + +import ( + "fmt" + + "gopkg.in/yaml.v2" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + prompkg "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" +) + +const ( + thanosConfigDir = "/etc/thanos/config" + thanosPrometheusHTTPClientConfigFileName = "prometheus.http-client-file.yaml" + thanosPrometheusHTTPClientConfigSecretNameSuffix = "thanos-prometheus-http-client-file" +) + +// buildPrometheusHTTPClientConfigSecret returns a kubernetes secret with the HTTP configuration for the Thanos sidecar +// to communicated with prometheus server. +// https://thanos.io/tip/components/sidecar.md/#prometheus-http-client +func buildPrometheusHTTPClientConfigSecret(p *monitoringv1.Prometheus) (*v1.Secret, error) { + dataYaml := yaml.MapSlice{} + dataYaml = append(dataYaml, yaml.MapItem{ + Key: "tls_config", + Value: yaml.MapSlice{ + { + Key: "insecure_skip_verify", + Value: true, + }, + }, + }) + + data, err := yaml.Marshal(dataYaml) + if err != nil { + return nil, err + } + + return &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: thanosPrometheusHTTPClientConfigSecretName(p), + Namespace: p.Namespace, + }, + Data: map[string][]byte{ + thanosPrometheusHTTPClientConfigFileName: data, + }, + }, nil +} + +func thanosPrometheusHTTPClientConfigSecretName(p monitoringv1.PrometheusInterface) string { + return fmt.Sprintf("%s-%s", prompkg.PrefixedName(p), thanosPrometheusHTTPClientConfigSecretNameSuffix) +} diff --git a/pkg/prometheus/store.go b/pkg/prometheus/store.go index 1f35c49ce35..82947d3fbc5 100644 --- a/pkg/prometheus/store.go +++ b/pkg/prometheus/store.go @@ -18,14 +18,14 @@ import ( "context" "fmt" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "github.com/prometheus-operator/prometheus-operator/pkg/assets" ) func AddRemoteWritesToStore(ctx context.Context, store *assets.StoreBuilder, namespace string, remotes []monv1.RemoteWriteSpec) error { - for i, remote := range remotes { - if err := ValidateRemoteWriteSpec(remote); err != nil { + if err := validateRemoteWriteSpec(remote); err != nil { return fmt.Errorf("remote write %d: %w", i, err) } @@ -79,6 +79,10 @@ func AddRemoteReadsToStore(ctx context.Context, store *assets.StoreBuilder, name return fmt.Errorf("remote read %d: %w", i, err) } + if err := remote.ProxyConfig.Validate(); err != nil { + return fmt.Errorf("remote read %d: %w", i, err) + } + if err := store.AddProxyConfig(ctx, namespace, remote.ProxyConfig); err != nil { return fmt.Errorf("remote read %d: %w", i, err) } @@ -86,6 +90,7 @@ func AddRemoteReadsToStore(ctx context.Context, store *assets.StoreBuilder, name return nil } + func AddAPIServerConfigToStore(ctx context.Context, store *assets.StoreBuilder, namespace string, config *monv1.APIServerConfig) error { if config == nil { return nil @@ -114,3 +119,11 @@ func AddScrapeClassesToStore(ctx context.Context, store *assets.StoreBuilder, na } return nil } + +func addProxyConfigToStore(ctx context.Context, pc monitoringv1.ProxyConfig, store *assets.StoreBuilder, namespace string) error { + if err := pc.Validate(); err != nil { + return err + } + + return store.AddProxyConfig(ctx, namespace, pc) +} diff --git a/pkg/prometheus/test_utils.go b/pkg/prometheus/test_utils.go index 425345dd089..27cf994158c 100644 --- a/pkg/prometheus/test_utils.go +++ b/pkg/prometheus/test_utils.go @@ -15,12 +15,13 @@ package prometheus import ( - "os" + "fmt" + "log/slog" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + + logging "github.com/prometheus-operator/prometheus-operator/internal/log" ) func makeExpectedProbeHandler(probePath string) v1.ProbeHandler { @@ -60,6 +61,15 @@ func MakeExpectedReadinessProbe() *v1.Probe { } } -func NewLogger() log.Logger { - return level.NewFilter(log.NewLogfmtLogger(os.Stdout), level.AllowWarn()) +func NewLogger() *slog.Logger { + l, err := logging.NewLoggerSlog(logging.Config{ + Level: logging.LevelWarn, + Format: logging.FormatLogFmt, + }) + + if err != nil { + panic(fmt.Sprintf("failed to create logger: %v", err)) + } + + return l } diff --git a/pkg/prometheus/testdata/AlertmanagerConfigEndpointSlice.golden b/pkg/prometheus/testdata/AlertmanagerConfigEndpointSlice.golden new file mode 100644 index 00000000000..6bdb57e9952 --- /dev/null +++ b/pkg/prometheus/testdata/AlertmanagerConfigEndpointSlice.golden @@ -0,0 +1,28 @@ +global: + evaluation_interval: "" + scrape_interval: "" + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +alerting: + alert_relabel_configs: + - action: labeldrop + regex: prometheus_replica + alertmanagers: + - path_prefix: / + scheme: http + kubernetes_sd_configs: + - role: endpointslice + namespaces: + names: + - default + relabel_configs: + - action: keep + source_labels: + - __meta_kubernetes_service_name + regex: foo + - action: keep + source_labels: + - __meta_kubernetes_endpointslice_port_name + regex: web diff --git a/pkg/prometheus/testdata/AlertmanagerConfigOtherNamespace.golden b/pkg/prometheus/testdata/AlertmanagerConfigOtherNamespace.golden index 90a36bf1aeb..6f0669abf8e 100644 --- a/pkg/prometheus/testdata/AlertmanagerConfigOtherNamespace.golden +++ b/pkg/prometheus/testdata/AlertmanagerConfigOtherNamespace.golden @@ -22,3 +22,7 @@ alerting: source_labels: - __meta_kubernetes_service_name regex: foo + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web diff --git a/pkg/prometheus/testdata/AlertmanagerConfigTLSconfig.golden b/pkg/prometheus/testdata/AlertmanagerConfigTLSconfig.golden index 0ddca6cbbcf..b1c66645e84 100644 --- a/pkg/prometheus/testdata/AlertmanagerConfigTLSconfig.golden +++ b/pkg/prometheus/testdata/AlertmanagerConfigTLSconfig.golden @@ -26,3 +26,7 @@ alerting: source_labels: - __meta_kubernetes_service_name regex: foo + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web diff --git a/pkg/prometheus/testdata/AlertmanagerConfigTLSconfigOtherNamespace.golden b/pkg/prometheus/testdata/AlertmanagerConfigTLSconfigOtherNamespace.golden index 220bf8e8482..2af00e18d42 100644 --- a/pkg/prometheus/testdata/AlertmanagerConfigTLSconfigOtherNamespace.golden +++ b/pkg/prometheus/testdata/AlertmanagerConfigTLSconfigOtherNamespace.golden @@ -26,3 +26,7 @@ alerting: source_labels: - __meta_kubernetes_service_name regex: foo + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web diff --git a/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig.golden b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig.golden new file mode 100644 index 00000000000..220bf8e8482 --- /dev/null +++ b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig.golden @@ -0,0 +1,28 @@ +global: + evaluation_interval: "" + scrape_interval: "" + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +alerting: + alert_relabel_configs: + - action: labeldrop + regex: prometheus_replica + alertmanagers: + - path_prefix: / + scheme: http + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - other + relabel_configs: + - action: keep + source_labels: + - __meta_kubernetes_service_name + regex: foo diff --git a/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion.golden b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion.golden new file mode 100644 index 00000000000..1194f2a5e45 --- /dev/null +++ b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion.golden @@ -0,0 +1,29 @@ +global: + evaluation_interval: "" + scrape_interval: "" + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +alerting: + alert_relabel_configs: + - action: labeldrop + regex: prometheus_replica + alertmanagers: + - path_prefix: / + scheme: http + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + max_version: TLS12 + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - other + relabel_configs: + - action: keep + source_labels: + - __meta_kubernetes_service_name + regex: foo diff --git a/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion_MinVersion.golden b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion_MinVersion.golden new file mode 100644 index 00000000000..769e7e78219 --- /dev/null +++ b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MaxVersion_MinVersion.golden @@ -0,0 +1,30 @@ +global: + evaluation_interval: "" + scrape_interval: "" + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +alerting: + alert_relabel_configs: + - action: labeldrop + regex: prometheus_replica + alertmanagers: + - path_prefix: / + scheme: http + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + min_version: TLS10 + max_version: TLS12 + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - other + relabel_configs: + - action: keep + source_labels: + - __meta_kubernetes_service_name + regex: foo diff --git a/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MinVersion.golden b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MinVersion.golden new file mode 100644 index 00000000000..d76fc371112 --- /dev/null +++ b/pkg/prometheus/testdata/AlertmanagerTLSConfig_Valid_Prom_TLSConfig_MinVersion.golden @@ -0,0 +1,29 @@ +global: + evaluation_interval: "" + scrape_interval: "" + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +alerting: + alert_relabel_configs: + - action: labeldrop + regex: prometheus_replica + alertmanagers: + - path_prefix: / + scheme: http + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + min_version: TLS10 + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - other + relabel_configs: + - action: keep + source_labels: + - __meta_kubernetes_service_name + regex: foo diff --git a/pkg/prometheus/testdata/K8SSDConfigGenerationThree.golden b/pkg/prometheus/testdata/K8SSDConfigGenerationThree.golden new file mode 100644 index 00000000000..cc0797c81ce --- /dev/null +++ b/pkg/prometheus/testdata/K8SSDConfigGenerationThree.golden @@ -0,0 +1,5 @@ +kubernetes_sd_configs: +- role: endpointslice + namespaces: + names: + - test diff --git a/pkg/prometheus/testdata/NativeHistogramConfig.golden b/pkg/prometheus/testdata/NativeHistogramConfig.golden new file mode 100644 index 00000000000..8b7ea81f23e --- /dev/null +++ b/pkg/prometheus/testdata/NativeHistogramConfig.golden @@ -0,0 +1,71 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: serviceMonitor/default/testservicemonitor1/0 + honor_labels: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Node;(.*) + replacement: ${1} + target_label: node + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Pod;(.*) + replacement: ${1} + target_label: pod + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - source_labels: + - __meta_kubernetes_service_name + target_label: job + replacement: ${1} + - target_label: endpoint + replacement: web + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + native_histogram_bucket_limit: 10 + native_histogram_min_bucket_factor: 12.124 + scrape_classic_histograms: true diff --git a/pkg/prometheus/testdata/NativeHistogramConfigWithMissALL.golden b/pkg/prometheus/testdata/NativeHistogramConfigWithMissALL.golden new file mode 100644 index 00000000000..163ee25039a --- /dev/null +++ b/pkg/prometheus/testdata/NativeHistogramConfigWithMissALL.golden @@ -0,0 +1,68 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: serviceMonitor/default/testservicemonitor1/0 + honor_labels: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Node;(.*) + replacement: ${1} + target_label: node + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Pod;(.*) + replacement: ${1} + target_label: pod + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - source_labels: + - __meta_kubernetes_service_name + target_label: job + replacement: ${1} + - target_label: endpoint + replacement: web + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep diff --git a/pkg/prometheus/testdata/NativeHistogramConfigWithMissNativeHistogramMinBucketFactor.golden b/pkg/prometheus/testdata/NativeHistogramConfigWithMissNativeHistogramMinBucketFactor.golden new file mode 100644 index 00000000000..180f4e16057 --- /dev/null +++ b/pkg/prometheus/testdata/NativeHistogramConfigWithMissNativeHistogramMinBucketFactor.golden @@ -0,0 +1,70 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: serviceMonitor/default/testservicemonitor1/0 + honor_labels: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Node;(.*) + replacement: ${1} + target_label: node + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Pod;(.*) + replacement: ${1} + target_label: pod + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - source_labels: + - __meta_kubernetes_service_name + target_label: job + replacement: ${1} + - target_label: endpoint + replacement: web + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + native_histogram_bucket_limit: 10 + scrape_classic_histograms: true diff --git a/pkg/prometheus/testdata/OTLPConfig_Config_empty_attributes.golden b/pkg/prometheus/testdata/OTLPConfig_Config_empty_attributes.golden new file mode 100644 index 00000000000..15f3b4533cc --- /dev/null +++ b/pkg/prometheus/testdata/OTLPConfig_Config_empty_attributes.golden @@ -0,0 +1,9 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +otlp: + promote_resource_attributes: [] diff --git a/pkg/prometheus/testdata/OTLPConfig_Config_promote_resource_attributes.golden b/pkg/prometheus/testdata/OTLPConfig_Config_promote_resource_attributes.golden new file mode 100644 index 00000000000..b1267111efc --- /dev/null +++ b/pkg/prometheus/testdata/OTLPConfig_Config_promote_resource_attributes.golden @@ -0,0 +1,12 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +otlp: + promote_resource_attributes: + - aa + - bb + - cc diff --git a/pkg/prometheus/testdata/PromAgentDaemonSetPodMonitorConfig.golden b/pkg/prometheus/testdata/PromAgentDaemonSetPodMonitorConfig.golden new file mode 100644 index 00000000000..c9e2d088c2d --- /dev/null +++ b/pkg/prometheus/testdata/PromAgentDaemonSetPodMonitorConfig.golden @@ -0,0 +1,47 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: podMonitor/default/defaultPodMonitor/0 + honor_labels: false + kubernetes_sd_configs: + - role: pod + namespaces: + names: + - default + selectors: + - role: pod + field: spec.nodeName=$(NODE_NAME) + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - action: keep + source_labels: + - __meta_kubernetes_pod_label_group + - __meta_kubernetes_pod_labelpresent_group + regex: (group1);true + - action: keep + source_labels: + - __meta_kubernetes_pod_container_port_name + regex: web + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - target_label: job + replacement: default/defaultPodMonitor + - target_label: endpoint + replacement: web diff --git a/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_greater_than_or_equal_to_v2.54.0.golden b/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_greater_than_or_equal_to_v2.54.0.golden new file mode 100644 index 00000000000..294e722257a --- /dev/null +++ b/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_greater_than_or_equal_to_v2.54.0.golden @@ -0,0 +1,9 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +storage: + tsdb: + out_of_order_time_window: 10m diff --git a/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_less_than_v2.53.0.golden b/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_less_than_v2.53.0.golden new file mode 100644 index 00000000000..8d09a4dc239 --- /dev/null +++ b/pkg/prometheus/testdata/PrometheusAgent_TSDB_config_less_than_v2.53.0.golden @@ -0,0 +1,6 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] diff --git a/pkg/prometheus/testdata/PrometheusAgent_no_TSDB_config.golden b/pkg/prometheus/testdata/PrometheusAgent_no_TSDB_config.golden new file mode 100644 index 00000000000..8d09a4dc239 --- /dev/null +++ b/pkg/prometheus/testdata/PrometheusAgent_no_TSDB_config.golden @@ -0,0 +1,6 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.25.0.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.25.0.golden index 4e2ac4aeed9..b3a8af5d0ab 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.25.0.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.25.0.golden @@ -7,4 +7,3 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0.golden index 4e2ac4aeed9..b3a8af5d0ab 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0.golden @@ -7,4 +7,3 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_AuthorizationSafe.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_AuthorizationSafe.golden index a51b16a63da..4943f110d8e 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_AuthorizationSafe.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_AuthorizationSafe.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s authorization: type: Bearer credentials: secret diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_FilterExternalLabels.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_FilterExternalLabels.golden index 4e2ac4aeed9..b3a8af5d0ab 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_FilterExternalLabels.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_FilterExternalLabels.golden @@ -7,4 +7,3 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_NotFollowRedirects.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_NotFollowRedirects.golden index 0eed3aac6dc..e25f39da3c8 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_NotFollowRedirects.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.26.0_NotFollowRedirects.golden @@ -7,5 +7,4 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s follow_redirects: false diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.27.1.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.27.1.golden index 522404fc1fc..61906fd4c10 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.27.1.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.27.1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s oauth2: client_id: client-id client_secret: client-secret diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0.golden index 4e2ac4aeed9..b3a8af5d0ab 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0.golden @@ -7,4 +7,3 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_FilterExternalLabels.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_FilterExternalLabels.golden index dffdf55a3e2..3797e259cff 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_FilterExternalLabels.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_FilterExternalLabels.golden @@ -7,5 +7,4 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s filter_external_labels: true diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_NotFilterExternalLabels.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_NotFilterExternalLabels.golden index 5d6a38fc8c3..92df1d0d01e 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_NotFilterExternalLabels.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.34.0_NotFilterExternalLabels.golden @@ -7,5 +7,4 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s filter_external_labels: false diff --git a/pkg/prometheus/testdata/RemoteReadConfig_v2.43.0_ProxyConfig.golden b/pkg/prometheus/testdata/RemoteReadConfig_v2.43.0_ProxyConfig.golden index 9567a5b6560..364e0885713 100644 --- a/pkg/prometheus/testdata/RemoteReadConfig_v2.43.0_ProxyConfig.golden +++ b/pkg/prometheus/testdata/RemoteReadConfig_v2.43.0_ProxyConfig.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_read: - url: http://example.com - remote_timeout: 30s proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false diff --git a/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.47.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.47.0_1.golden index 53cf1025182..c70c2368c4c 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.47.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.47.0_1.golden @@ -7,6 +7,5 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s azuread: cloud: AzureGovernment diff --git a/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.48.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.48.0_1.golden index c24c74705b0..40c022368d3 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.48.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfigAzureADOAuth_v2.48.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s azuread: oauth: client_id: 00000000-0000-0000-0000-000000000000 diff --git a/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.51.0.golden b/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.51.0.golden index 53cf1025182..c70c2368c4c 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.51.0.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.51.0.golden @@ -7,6 +7,5 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s azuread: cloud: AzureGovernment diff --git a/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.52.0.golden b/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.52.0.golden index ef3e6afa396..21c48f17df2 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.52.0.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfigAzureADSDK_v2.52.0.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s azuread: sdk: tenant_id: 00000000-a12b-3cd4-e56f-000000000000 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_3.golden b/pkg/prometheus/testdata/RemoteWriteConfig_3.golden index 87576323be6..3f674a0cee4 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_3.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_3.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s sigv4: region: us-central-0 access_key: access-key diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.10.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.10.0_1.golden index b33b219105f..23640b963b3 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.10.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.10.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s queue_config: capacity: 1000 min_shards: 1 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.22.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.22.0_1.golden index 9d9af231daa..2e7d30b4dbc 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.22.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.22.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s queue_config: capacity: 1000 min_shards: 1 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_1.golden index cfe0a1f34d4..6b73d0ba8b7 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s queue_config: capacity: 1000 min_shards: 1 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_2.golden index cfe0a1f34d4..6b73d0ba8b7 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_2.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.23.0_2.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s queue_config: capacity: 1000 min_shards: 1 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.26.0_2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.26.0_2.golden index 30ff9e83261..735ff282a21 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.26.0_2.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.26.0_2.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s authorization: type: Bearer credentials: secret diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.27.1_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.27.1_1.golden index d22d222fe48..a234be3ad73 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.27.1_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.27.1_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s oauth2: client_id: client-id client_secret: client-secret diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.30.0_2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.30.0_2.golden index 05cf1cb78e5..bad63a95f49 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.30.0_2.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.30.0_2.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s queue_config: capacity: 1000 min_shards: 1 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.39.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.39.0_1.golden index fce352c93c4..05ccd25cb7c 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.39.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.39.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s enable_http2: false queue_config: capacity: 1000 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_2.golden index 1dde1442f67..5248b3efcb2 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_2.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_2.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s send_native_histograms: true queue_config: capacity: 1000 diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfig.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfig.golden index ec73c528e17..da343681bb3 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfig.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfig.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfigWithMutiValues.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfigWithMutiValues.golden index 9cba42095fb..75598924049 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfigWithMutiValues.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.43.0_ProxyConfigWithMutiValues.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.45.0_1.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.45.0_1.golden index 166368c3eca..2e639158c33 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.45.0_1.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.45.0_1.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s azuread: managed_identity: client_id: client-id diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.49.0.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.49.0.golden index e14b87e8e1c..ffe7bad1386 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.49.0.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.49.0.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s send_native_histograms: true enable_http2: false queue_config: diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.50.0.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.50.0.golden index f4ff6b990ec..78979b7780c 100644 --- a/pkg/prometheus/testdata/RemoteWriteConfig_v2.50.0.golden +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.50.0.golden @@ -7,7 +7,6 @@ global: scrape_configs: [] remote_write: - url: http://example.com - remote_timeout: 30s send_native_histograms: true enable_http2: false queue_config: diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0_MessageVersion2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0_MessageVersion2.golden new file mode 100644 index 00000000000..b9841ea0029 --- /dev/null +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0_MessageVersion2.golden @@ -0,0 +1,9 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +remote_write: +- url: http://example.com diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0_MessageVersion2.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0_MessageVersion2.golden new file mode 100644 index 00000000000..d341b453b2e --- /dev/null +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0_MessageVersion2.golden @@ -0,0 +1,10 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] +remote_write: +- url: http://example.com + protobuf_message: io.prometheus.write.v2.Request diff --git a/pkg/prometheus/testdata/RuntimeConfig_GoGC25.golden b/pkg/prometheus/testdata/RuntimeConfig_GoGC25.golden new file mode 100644 index 00000000000..468d10e7763 --- /dev/null +++ b/pkg/prometheus/testdata/RuntimeConfig_GoGC25.golden @@ -0,0 +1,9 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +runtime: + gogc: 25 +scrape_configs: [] diff --git a/pkg/prometheus/testdata/RuntimeConfig_GoGC_Not_Set.golden b/pkg/prometheus/testdata/RuntimeConfig_GoGC_Not_Set.golden new file mode 100644 index 00000000000..3e7a5bdbe7f --- /dev/null +++ b/pkg/prometheus/testdata/RuntimeConfig_GoGC_Not_Set.golden @@ -0,0 +1,7 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: [] diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_Authorization.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_Authorization.golden index 8265829af02..0aac12a625d 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_Authorization.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_Authorization.golden @@ -10,10 +10,10 @@ scrape_configs: type: Bearer credentials: scrape-secret http_sd_configs: - - url: http://localhost:9100/sd.json - authorization: + - authorization: type: Bearer credentials: http-sd-secret + url: http://localhost:9100/sd.json relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_BasicAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_BasicAuth.golden index be9d97e9908..459b0d24fe6 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_BasicAuth.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_BasicAuth.golden @@ -10,10 +10,10 @@ scrape_configs: username: scrape-bob password: scrape-alice http_sd_configs: - - url: http://localhost:9100/sd.json - basic_auth: + - basic_auth: username: http-sd-bob password: http-sd-alice + url: http://localhost:9100/sd.json relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DNSSD_MXRecord.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DNSSD_MXRecord.golden new file mode 100644 index 00000000000..503b7125827 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DNSSD_MXRecord.golden @@ -0,0 +1,17 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + dns_sd_configs: + - names: + - node.demo.do.prometheus.io + type: MX + port: 9100 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSDConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSDConfig.golden index c53cef6896c..27283533307 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSDConfig.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSDConfig.golden @@ -16,14 +16,11 @@ scrape_configs: proxy_connect_header: header: - value - host: hostAddress - tls_config: - ca_file: /etc/prometheus/certs/0_default_tls_ca - cert_file: /etc/prometheus/certs/0_default_tls_cert - key_file: /etc/prometheus/certs/0_default_tls_private-key - port: 9100 - host_networking_host: localhost filters: + - name: a_dummy_label_1 + values: + - dummy_value_2 + - dummy_value_3 - name: dummy_label_1 values: - dummy_value_1 @@ -31,6 +28,13 @@ scrape_configs: values: - dummy_value_2 - dummy_value_3 + host: hostAddress + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + port: 9100 + host_networking_host: localhost refresh_interval: 30s follow_redirects: true enable_http2: true diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_BasicAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_BasicAuth.golden index 0e3b16f8e7e..82b0fdd95f8 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_BasicAuth.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_BasicAuth.golden @@ -10,11 +10,6 @@ scrape_configs: - basic_auth: username: "" password: "" - host: hostAddress - tls_config: - ca_file: /etc/prometheus/certs/0_default_tls_ca - cert_file: /etc/prometheus/certs/0_default_tls_cert - key_file: /etc/prometheus/certs/0_default_tls_private-key filters: - name: dummy_label_1 values: @@ -23,6 +18,11 @@ scrape_configs: values: - dummy_value_2 - dummy_value_3 + host: hostAddress + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork.golden new file mode 100644 index 00000000000..19eef2da919 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork.golden @@ -0,0 +1,30 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + docker_sd_configs: + - basic_auth: + username: "" + password: "" + filters: + - name: dummy_label_1 + values: + - dummy_value_1 + - name: dummy_label_2 + values: + - dummy_value_2 + - dummy_value_3 + host: hostAddress + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + match_first_network: true + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork_OldVersion.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork_OldVersion.golden new file mode 100644 index 00000000000..82b0fdd95f8 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_MatchFirstNetwork_OldVersion.golden @@ -0,0 +1,29 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + docker_sd_configs: + - basic_auth: + username: "" + password: "" + filters: + - name: dummy_label_1 + values: + - dummy_value_1 + - name: dummy_label_2 + values: + - dummy_value_2 + - dummy_value_3 + host: hostAddress + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_OAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_OAuth.golden index cef12f9af42..6028d83eb5a 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_OAuth.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerSD_with_OAuth.golden @@ -17,11 +17,6 @@ scrape_configs: endpoint_params: param1: value1 param2: value2 - host: hostAddress - tls_config: - ca_file: /etc/prometheus/certs/0_default_tls_ca - cert_file: /etc/prometheus/certs/0_default_tls_cert - key_file: /etc/prometheus/certs/0_default_tls_private-key filters: - name: dummy_label_1 values: @@ -30,6 +25,11 @@ scrape_configs: values: - dummy_value_2 - dummy_value_3 + host: hostAddress + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerswarmSD.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerswarmSD.golden index 303b777563a..903fd3972cf 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerswarmSD.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_DockerswarmSD.golden @@ -16,12 +16,12 @@ scrape_configs: proxy_connect_header: header: - value - host: https://www.example.com - role: nodes filters: - name: foo values: - bar + host: https://www.example.com + role: nodes refresh_interval: 30s follow_redirects: true enable_http2: true diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SDConfigFilters_Unsupported_Version.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SDConfigFilters_Unsupported_Version.golden new file mode 100644 index 00000000000..44305e470bf --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SDConfigFilters_Unsupported_Version.golden @@ -0,0 +1,17 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - region: us-east-1 + role_arn: arn:aws:iam::123456789:role/prometheus-role + refresh_interval: 30s + port: 9100 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withBasicAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withBasicAuth.golden new file mode 100644 index 00000000000..c10258eead4 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withBasicAuth.golden @@ -0,0 +1,23 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: true + proxy_connect_header: + header: + - "" + region: us-east-1 + refresh_interval: 30s + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withProxyConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withProxyConfig.golden new file mode 100644 index 00000000000..c10258eead4 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_withProxyConfig.golden @@ -0,0 +1,23 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: true + proxy_connect_header: + header: + - "" + region: us-east-1 + refresh_interval: 30s + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_OAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_OAuth.golden new file mode 100644 index 00000000000..d40683b94d6 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_OAuth.golden @@ -0,0 +1,14 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - region: us-east-1 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig.golden new file mode 100644 index 00000000000..e4dad6ad161 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig.golden @@ -0,0 +1,20 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - region: us-east-1 + follow_redirects: true + enable_http2: true + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig_Unsupported_Version.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig_Unsupported_Version.golden new file mode 100644 index 00000000000..d40683b94d6 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_EC2SD_with_TLSConfig_Unsupported_Version.golden @@ -0,0 +1,14 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ec2_sd_configs: + - region: us-east-1 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD.golden index 01e3c8db340..b9151ed773e 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD.golden @@ -7,14 +7,14 @@ global: scrape_configs: - job_name: scrapeConfig/default/testscrapeconfig1 http_sd_configs: - - url: http://localhost:9100/sd.json - refresh_interval: 5m - proxy_url: http://no-proxy.com + - proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false proxy_connect_header: header: - value + url: http://localhost:9100/sd.json + refresh_interval: 5m relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_Authorization.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_Authorization.golden new file mode 100644 index 00000000000..362e88806d6 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_Authorization.golden @@ -0,0 +1,17 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + http_sd_configs: + - authorization: + type: Bearer + credentials: value + url: http://localhost:9100/sd.json + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_BasicAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_BasicAuth.golden new file mode 100644 index 00000000000..736251acbbf --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_BasicAuth.golden @@ -0,0 +1,17 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + http_sd_configs: + - basic_auth: + username: kube-admin + password: password + url: http://localhost:9100/sd.json + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_OAuth.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_OAuth.golden new file mode 100644 index 00000000000..d91fd6157ca --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_OAuth.golden @@ -0,0 +1,24 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + http_sd_configs: + - oauth2: + client_id: client-id + client_secret: client-secret + token_url: http://test.url + scopes: + - scope 1 + - scope 2 + endpoint_params: + param1: value1 + param2: value2 + url: http://localhost:9100/sd.json + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_ProxyConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_ProxyConfig.golden new file mode 100644 index 00000000000..0b4eaadf0a3 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_ProxyConfig.golden @@ -0,0 +1,22 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + http_sd_configs: + - proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: false + proxy_connect_header: + header: + - "" + url: http://localhost:9100/sd.json + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_TLSConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_TLSConfig.golden new file mode 100644 index 00000000000..73c52300535 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_HTTPSD_with_TLSConfig.golden @@ -0,0 +1,18 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + http_sd_configs: + - tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + url: http://localhost:9100/sd.json + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD.golden new file mode 100644 index 00000000000..1d09b579f3d --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD.golden @@ -0,0 +1,27 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ionos_sd_configs: + - authorization: + type: Bearer + credentials: value + proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: true + proxy_connect_header: + header: + - value + datacenter_id: 11111111-1111-1111-1111-111111111111 + follow_redirects: true + enable_http2: true + port: 9100 + refresh_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD_withTLSConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD_withTLSConfig.golden new file mode 100644 index 00000000000..ce9b8dae3c3 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_IonosSD_withTLSConfig.golden @@ -0,0 +1,21 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + ionos_sd_configs: + - authorization: + type: Bearer + credentials: value + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + datacenter_id: 11111111-1111-1111-1111-111111111111 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden index f6711072de2..e31e8840ee2 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors.golden @@ -9,9 +9,8 @@ scrape_configs: kubernetes_sd_configs: - role: node selectors: - - role: node - label: type=infra - field: spec.unschedulable=false + - role: pod + label: component=executor relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors_Unsupported_Version.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors_Unsupported_Version.golden new file mode 100644 index 00000000000..5a26cf6f290 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_K8SSD_with_Selectors_Unsupported_Version.golden @@ -0,0 +1,14 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + kubernetes_sd_configs: + - role: node + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_KumaSD_with_TLSConfig_TLSVersion.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_KumaSD_with_TLSConfig_TLSVersion.golden new file mode 100644 index 00000000000..1e1acf8c590 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_KumaSD_with_TLSConfig_TLSVersion.golden @@ -0,0 +1,23 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + kuma_sd_configs: + - authorization: + type: Bearer + credentials: value + server: "" + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_key + min_version: TLS10 + max_version: TLS12 + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ProxySettingsIncompatiblePrometheusVersion.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ProxySettingsIncompatiblePrometheusVersion.golden index 07324ebdd32..60168036c05 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ProxySettingsIncompatiblePrometheusVersion.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ProxySettingsIncompatiblePrometheusVersion.golden @@ -6,6 +6,7 @@ global: prometheus_replica: $(POD_NAME) scrape_configs: - job_name: scrapeConfig/default/testscrapeconfig1 + proxy_url: http://no-proxy.com relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD.golden new file mode 100644 index 00000000000..c9caf5546f9 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD.golden @@ -0,0 +1,33 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + scaleway_sd_configs: + - access_key: AccessKey + secret_key: value + project_id: "1" + role: instance + port: 23456 + api_url: https://api.scaleway.com/ + zone: beijing-1 + name_filter: name + tags_filter: + - aa + - bb + refresh_interval: 30s + proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: true + proxy_connect_header: + header: + - value + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD_with_TLSConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD_with_TLSConfig.golden new file mode 100644 index 00000000000..ae9fa360192 --- /dev/null +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_ScaleWaySD_with_TLSConfig.golden @@ -0,0 +1,21 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: scrapeConfig/default/testscrapeconfig1 + scaleway_sd_configs: + - access_key: AccessKey + secret_key: value + project_id: "1" + role: instance + tls_config: + ca_file: /etc/prometheus/certs/0_default_tls_ca + cert_file: /etc/prometheus/certs/0_default_tls_cert + key_file: /etc/prometheus/certs/0_default_tls_private-key + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name diff --git a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_TLSConfig.golden b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_TLSConfig.golden index 74b87fec46e..3157d58ee4a 100644 --- a/pkg/prometheus/testdata/ScrapeConfigSpecConfig_TLSConfig.golden +++ b/pkg/prometheus/testdata/ScrapeConfigSpecConfig_TLSConfig.golden @@ -11,10 +11,10 @@ scrape_configs: cert_file: /etc/prometheus/certs/0_default_tls_cert key_file: /etc/prometheus/certs/0_default_tls_private-key http_sd_configs: - - url: http://localhost:9100/sd.json - tls_config: + - tls_config: insecure_skip_verify: true ca_file: /etc/prometheus/certs/0_default_tls_ca2 + url: http://localhost:9100/sd.json relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/external_label_specified.golden b/pkg/prometheus/testdata/external_label_specified.golden index 04c22cbfcf3..3ce6f9a67be 100644 --- a/pkg/prometheus/testdata/external_label_specified.golden +++ b/pkg/prometheus/testdata/external_label_specified.golden @@ -4,6 +4,6 @@ global: external_labels: key1: value1 key2: value2 - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) scrape_configs: [] diff --git a/pkg/prometheus/testdata/external_label_specified_along_with_reserved_labels.golden b/pkg/prometheus/testdata/external_label_specified_along_with_reserved_labels.golden index 5484be5fdaa..e8d6b7b0bde 100644 --- a/pkg/prometheus/testdata/external_label_specified_along_with_reserved_labels.golden +++ b/pkg/prometheus/testdata/external_label_specified_along_with_reserved_labels.golden @@ -2,7 +2,7 @@ global: evaluation_interval: 30s scrape_interval: 30s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) some-other-key: some-value scrape_configs: [] diff --git a/pkg/prometheus/testdata/global_settings_valid_config_v2.15.2.golden b/pkg/prometheus/testdata/global_settings_valid_config_v2.15.2.golden index 981b67dbbc2..f5c3ffcb5d6 100644 --- a/pkg/prometheus/testdata/global_settings_valid_config_v2.15.2.golden +++ b/pkg/prometheus/testdata/global_settings_valid_config_v2.15.2.golden @@ -2,6 +2,6 @@ global: evaluation_interval: 30s scrape_interval: 15s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) scrape_configs: [] diff --git a/pkg/prometheus/testdata/monitorObjectWithDefaultScrapeClassAndTLSConfig.golden b/pkg/prometheus/testdata/monitorObjectWithDefaultScrapeClassAndTLSConfig.golden index 742536d2095..de915ff05c1 100644 --- a/pkg/prometheus/testdata/monitorObjectWithDefaultScrapeClassAndTLSConfig.golden +++ b/pkg/prometheus/testdata/monitorObjectWithDefaultScrapeClassAndTLSConfig.golden @@ -174,11 +174,11 @@ scrape_configs: cert_file: /etc/prometheus/secrets/default/tls.crt key_file: /etc/prometheus/secrets/default/tls.key http_sd_configs: - - url: http://localhost:9100/sd.json - refresh_interval: 5m - proxy_url: http://no-proxy.com + - proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false + url: http://localhost:9100/sd.json + refresh_interval: 5m relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/monitorObjectWithNonDefaultScrapeClassAndTLSConfig.golden b/pkg/prometheus/testdata/monitorObjectWithNonDefaultScrapeClassAndTLSConfig.golden index 82c5c4b1bd2..d124d775420 100644 --- a/pkg/prometheus/testdata/monitorObjectWithNonDefaultScrapeClassAndTLSConfig.golden +++ b/pkg/prometheus/testdata/monitorObjectWithNonDefaultScrapeClassAndTLSConfig.golden @@ -174,11 +174,11 @@ scrape_configs: cert_file: /etc/prometheus/secrets/tls.crt key_file: /etc/prometheus/secrets/tls.key http_sd_configs: - - url: http://localhost:9100/sd.json - refresh_interval: 5m - proxy_url: http://no-proxy.com + - proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false + url: http://localhost:9100/sd.json + refresh_interval: 5m relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/monitorObjectWithoutScrapeClass.golden b/pkg/prometheus/testdata/monitorObjectWithoutScrapeClass.golden index 4fd92a2ddda..7a52ceecf35 100644 --- a/pkg/prometheus/testdata/monitorObjectWithoutScrapeClass.golden +++ b/pkg/prometheus/testdata/monitorObjectWithoutScrapeClass.golden @@ -158,11 +158,11 @@ scrape_configs: action: labeldrop - job_name: scrapeConfig/default/defaultScrapeConfig http_sd_configs: - - url: http://localhost:9100/sd.json - refresh_interval: 5m - proxy_url: http://no-proxy.com + - proxy_url: http://no-proxy.com no_proxy: 0.0.0.0 proxy_from_environment: false + url: http://localhost:9100/sd.json + refresh_interval: 5m relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/podMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden b/pkg/prometheus/testdata/podMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden new file mode 100644 index 00000000000..5f22a06f57d --- /dev/null +++ b/pkg/prometheus/testdata/podMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden @@ -0,0 +1,61 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: podMonitor/default/defaultPodMonitor/0 + honor_labels: false + kubernetes_sd_configs: + - role: pod + namespaces: + names: + - default + attach_metadata: + node: true + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - action: keep + source_labels: + - __meta_kubernetes_pod_label_group + - __meta_kubernetes_pod_labelpresent_group + regex: (group1);true + - action: keep + source_labels: + - __meta_kubernetes_pod_container_port_name + regex: web + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - target_label: job + replacement: default/defaultPodMonitor + - target_label: endpoint + replacement: web + - target_label: namespace + replacement: default + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + metric_relabel_configs: + - target_label: namespace + replacement: default diff --git a/pkg/prometheus/testdata/podMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden b/pkg/prometheus/testdata/podMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden new file mode 100644 index 00000000000..5f22a06f57d --- /dev/null +++ b/pkg/prometheus/testdata/podMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden @@ -0,0 +1,61 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: podMonitor/default/defaultPodMonitor/0 + honor_labels: false + kubernetes_sd_configs: + - role: pod + namespaces: + names: + - default + attach_metadata: + node: true + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - action: keep + source_labels: + - __meta_kubernetes_pod_label_group + - __meta_kubernetes_pod_labelpresent_group + regex: (group1);true + - action: keep + source_labels: + - __meta_kubernetes_pod_container_port_name + regex: web + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - target_label: job + replacement: default/defaultPodMonitor + - target_label: endpoint + replacement: web + - target_label: namespace + replacement: default + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + metric_relabel_configs: + - target_label: namespace + replacement: default diff --git a/pkg/prometheus/testdata/pod_monitor_with_oauth2.golden b/pkg/prometheus/testdata/pod_monitor_with_oauth2.golden index da13421848b..fd03a2d5802 100644 --- a/pkg/prometheus/testdata/pod_monitor_with_oauth2.golden +++ b/pkg/prometheus/testdata/pod_monitor_with_oauth2.golden @@ -22,6 +22,15 @@ scrape_configs: endpoint_params: param1: value1 param2: value2 + proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: false + proxy_connect_header: + header: + - value + tls_config: + insecure_skip_verify: true + ca_file: /etc/prometheus/certs/0_default_tls_ca2 relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/probe_monitor_with_oauth2.golden b/pkg/prometheus/testdata/probe_monitor_with_oauth2.golden index 574b41584b4..a93c773e623 100644 --- a/pkg/prometheus/testdata/probe_monitor_with_oauth2.golden +++ b/pkg/prometheus/testdata/probe_monitor_with_oauth2.golden @@ -44,3 +44,12 @@ scrape_configs: endpoint_params: param1: value1 param2: value2 + proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: false + proxy_connect_header: + header: + - value + tls_config: + insecure_skip_verify: true + ca_file: /etc/prometheus/certs/0_default_tls_ca2 diff --git a/pkg/prometheus/testdata/query_log_file.golden b/pkg/prometheus/testdata/query_log_file.golden index 8704b4b9a8c..e7bf2f85514 100644 --- a/pkg/prometheus/testdata/query_log_file.golden +++ b/pkg/prometheus/testdata/query_log_file.golden @@ -2,7 +2,7 @@ global: evaluation_interval: 30s scrape_interval: 30s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) query_log_file: /var/log/prometheus/test.log scrape_configs: [] diff --git a/pkg/prometheus/testdata/serviceMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden b/pkg/prometheus/testdata/serviceMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden new file mode 100644 index 00000000000..8a87edca0e5 --- /dev/null +++ b/pkg/prometheus/testdata/serviceMonitorObjectWithDefaultScrapeClassWithAttachMetadata.golden @@ -0,0 +1,80 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: serviceMonitor/default/defaultServiceMonitor/0 + honor_labels: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + attach_metadata: + node: true + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: keep + source_labels: + - __meta_kubernetes_service_label_group + - __meta_kubernetes_service_labelpresent_group + regex: (group1);true + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Node;(.*) + replacement: ${1} + target_label: node + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Pod;(.*) + replacement: ${1} + target_label: pod + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - source_labels: + - __meta_kubernetes_service_name + target_label: job + replacement: ${1} + - target_label: endpoint + replacement: web + - target_label: namespace + replacement: default + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + metric_relabel_configs: + - target_label: namespace + replacement: default diff --git a/pkg/prometheus/testdata/serviceMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden b/pkg/prometheus/testdata/serviceMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden new file mode 100644 index 00000000000..8a87edca0e5 --- /dev/null +++ b/pkg/prometheus/testdata/serviceMonitorObjectWithNonDefaultScrapeClassWithAttachMetadata.golden @@ -0,0 +1,80 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) +scrape_configs: +- job_name: serviceMonitor/default/defaultServiceMonitor/0 + honor_labels: false + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + attach_metadata: + node: true + scrape_interval: 30s + relabel_configs: + - source_labels: + - job + target_label: __tmp_prometheus_job_name + - action: keep + source_labels: + - __meta_kubernetes_service_label_group + - __meta_kubernetes_service_labelpresent_group + regex: (group1);true + - action: keep + source_labels: + - __meta_kubernetes_endpoint_port_name + regex: web + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Node;(.*) + replacement: ${1} + target_label: node + - source_labels: + - __meta_kubernetes_endpoint_address_target_kind + - __meta_kubernetes_endpoint_address_target_name + separator: ; + regex: Pod;(.*) + replacement: ${1} + target_label: pod + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: drop + source_labels: + - __meta_kubernetes_pod_phase + regex: (Failed|Succeeded) + - source_labels: + - __meta_kubernetes_service_name + target_label: job + replacement: ${1} + - target_label: endpoint + replacement: web + - target_label: namespace + replacement: default + - source_labels: + - __address__ + target_label: __tmp_hash + modulus: 1 + action: hashmod + - source_labels: + - __tmp_hash + regex: $(SHARD) + action: keep + metric_relabel_configs: + - target_label: namespace + replacement: default diff --git a/pkg/prometheus/testdata/service_monitor_with_oauth2.golden b/pkg/prometheus/testdata/service_monitor_with_oauth2.golden index 2148a0007d6..b1d78409466 100644 --- a/pkg/prometheus/testdata/service_monitor_with_oauth2.golden +++ b/pkg/prometheus/testdata/service_monitor_with_oauth2.golden @@ -22,6 +22,15 @@ scrape_configs: endpoint_params: param1: value1 param2: value2 + proxy_url: http://no-proxy.com + no_proxy: 0.0.0.0 + proxy_from_environment: false + proxy_connect_header: + header: + - value + tls_config: + insecure_skip_verify: true + ca_file: /etc/prometheus/certs/0_default_tls_ca2 relabel_configs: - source_labels: - job diff --git a/pkg/prometheus/testdata/valid_global_config_with_keep_dropped_targets.golden b/pkg/prometheus/testdata/valid_global_config_with_keep_dropped_targets.golden index 099f09f3767..12bd8307786 100644 --- a/pkg/prometheus/testdata/valid_global_config_with_keep_dropped_targets.golden +++ b/pkg/prometheus/testdata/valid_global_config_with_keep_dropped_targets.golden @@ -2,7 +2,7 @@ global: evaluation_interval: 30s scrape_interval: 30s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) keep_dropped_targets: 50 scrape_configs: [] diff --git a/pkg/prometheus/testdata/valid_global_config_with_label_limits.golden b/pkg/prometheus/testdata/valid_global_config_with_label_limits.golden index eb3957f1033..2ea0dea28fc 100644 --- a/pkg/prometheus/testdata/valid_global_config_with_label_limits.golden +++ b/pkg/prometheus/testdata/valid_global_config_with_label_limits.golden @@ -2,7 +2,7 @@ global: evaluation_interval: 30s scrape_interval: 30s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) body_size_limit: 1000MB sample_limit: 10000 diff --git a/pkg/prometheus/testdata/valid_global_config_with_rule_query_offset.golden b/pkg/prometheus/testdata/valid_global_config_with_rule_query_offset.golden new file mode 100644 index 00000000000..754c6e0f1ad --- /dev/null +++ b/pkg/prometheus/testdata/valid_global_config_with_rule_query_offset.golden @@ -0,0 +1,8 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + rule_query_offset: 30s + external_labels: + prometheus: test/example + prometheus_replica: $(POD_NAME) +scrape_configs: [] diff --git a/pkg/prometheus/testdata/valid_global_config_with_scrape_protocols.golden b/pkg/prometheus/testdata/valid_global_config_with_scrape_protocols.golden index 9296d92cced..080a96878ae 100644 --- a/pkg/prometheus/testdata/valid_global_config_with_scrape_protocols.golden +++ b/pkg/prometheus/testdata/valid_global_config_with_scrape_protocols.golden @@ -6,6 +6,6 @@ global: - OpenMetricsText0.0.1 - PrometheusText0.0.4 external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) scrape_configs: [] diff --git a/pkg/prometheus/testdata/valid_global_config_without_rule_query_offset.golden b/pkg/prometheus/testdata/valid_global_config_without_rule_query_offset.golden new file mode 100644 index 00000000000..a16a4a5717c --- /dev/null +++ b/pkg/prometheus/testdata/valid_global_config_without_rule_query_offset.golden @@ -0,0 +1,7 @@ +global: + evaluation_interval: 30s + scrape_interval: 30s + external_labels: + prometheus: test/example + prometheus_replica: $(POD_NAME) +scrape_configs: [] diff --git a/pkg/prometheus/testdata/valid_global_limits.golden b/pkg/prometheus/testdata/valid_global_limits.golden index 3c6a6e827f7..a4f9ffded7a 100644 --- a/pkg/prometheus/testdata/valid_global_limits.golden +++ b/pkg/prometheus/testdata/valid_global_limits.golden @@ -2,7 +2,7 @@ global: evaluation_interval: 30s scrape_interval: 30s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) body_size_limit: 1000MB sample_limit: 10000 diff --git a/pkg/prometheus/testdata/valid_scrape_timeout_along_with_valid_scrape_interval_specified.golden b/pkg/prometheus/testdata/valid_scrape_timeout_along_with_valid_scrape_interval_specified.golden index bdca569c99f..bf856e6e9b9 100644 --- a/pkg/prometheus/testdata/valid_scrape_timeout_along_with_valid_scrape_interval_specified.golden +++ b/pkg/prometheus/testdata/valid_scrape_timeout_along_with_valid_scrape_interval_specified.golden @@ -3,6 +3,6 @@ global: scrape_interval: 60s scrape_timeout: 10s external_labels: - prometheus: / + prometheus: test/example prometheus_replica: $(POD_NAME) scrape_configs: [] diff --git a/pkg/server/server.go b/pkg/server/server.go index edf61f6e72e..d861044074c 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -19,15 +19,14 @@ import ( "crypto/tls" "flag" "fmt" - stdlog "log" + "log/slog" + "math" "net" "net/http" "os" "path/filepath" "time" - "github.com/go-kit/log" - "github.com/go-kit/log/level" "k8s.io/apiserver/pkg/server/dynamiccertificates" kflag "k8s.io/component-base/cli/flag" @@ -105,9 +104,14 @@ type TLSConfig struct { // Convert returns a *tls.Config from the given TLSConfig. // It returns nil when TLS isn't enabled/configured. -func (tc *TLSConfig) Convert(logger log.Logger) (*tls.Config, error) { +func (tc *TLSConfig) Convert(logger *slog.Logger) (*tls.Config, error) { if logger == nil { - logger = log.NewNopLogger() + logger = slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{ + // slog level math.MaxInt means no logging + // We would like to use the slog buil-in No-op level once it is available + // More: https://github.com/golang/go/issues/62005 + Level: slog.Level(math.MaxInt), + })) } if !tc.Enabled { @@ -120,7 +124,7 @@ func (tc *TLSConfig) Convert(logger log.Logger) (*tls.Config, error) { } // Disable TLS. - level.Warn(logger).Log("msg", "server key and certificate not provided, TLS disabled") + logger.Warn("server key and certificate not provided, TLS disabled") return nil, nil } @@ -157,15 +161,15 @@ func (tc *TLSConfig) Convert(logger log.Logger) (*tls.Config, error) { info, err := os.Stat(tc.ClientCAFile) switch { case err != nil: - level.Warn(logger).Log("msg", "server TLS client verification disabled", "client_ca_file", tc.ClientCAFile, "err", err) + logger.Warn("server TLS client verification disabled", "client_ca_file", tc.ClientCAFile, "err", err) case !info.Mode().IsRegular(): - level.Warn(logger).Log("msg", "server TLS client verification disabled", "client_ca_file", tc.ClientCAFile, "file_mode", info.Mode().String()) + logger.Warn("server TLS client verification disabled", "client_ca_file", tc.ClientCAFile, "file_mode", info.Mode().String()) default: // The client CA content will be checked by the cert controller. tlsCfg.ClientAuth = tls.RequireAndVerifyClientCert - level.Info(logger).Log("msg", "server TLS client verification enabled", "client_ca_file", tc.ClientCAFile) + logger.Info("server TLS client verification enabled", "client_ca_file", tc.ClientCAFile) } return tlsCfg, nil @@ -173,7 +177,7 @@ func (tc *TLSConfig) Convert(logger log.Logger) (*tls.Config, error) { // Server is a web server. type Server struct { - logger log.Logger + logger *slog.Logger listener net.Listener srv *http.Server @@ -183,7 +187,7 @@ type Server struct { } // NewServer initializes a web server with the given handler (typically an http.MuxServe). -func NewServer(logger log.Logger, c *Config, handler http.Handler) (*Server, error) { +func NewServer(logger *slog.Logger, c *Config, handler http.Handler) (*Server, error) { listener, err := net.Listen("tcp", c.ListenAddress) if err != nil { return nil, err @@ -268,10 +272,7 @@ func NewServer(logger log.Logger, c *Config, handler http.Handler) (*Server, err TLSConfig: tlsConfig, ReadHeaderTimeout: 30 * time.Second, ReadTimeout: 30 * time.Second, - // use flags on standard logger to align with base logger and get consistent parsed fields form adapter: - // use shortfile flag to get proper 'caller' field (avoid being wrongly parsed/extracted from message) - // and no datetime related flag to keep 'ts' field from base logger (with controlled format) - ErrorLog: stdlog.New(log.NewStdlibAdapter(logger), "", stdlog.Lshortfile), + ErrorLog: slog.NewLogLogger(logger.Handler(), slog.LevelError), } if !c.EnableHTTP2 { @@ -295,9 +296,9 @@ func (s *Server) Serve(ctx context.Context) error { } if s.srv.TLSConfig == nil { - level.Info(s.logger).Log("msg", "starting insecure server", "address", s.listener.Addr().String()) + s.logger.Info("starting insecure server", "address", s.listener.Addr().String()) } else { - level.Info(s.logger).Log("msg", "starting secure server", "address", s.listener.Addr().String(), "http2", s.cfg.EnableHTTP2) + s.logger.Info("starting secure server", "address", s.listener.Addr().String(), "http2", s.cfg.EnableHTTP2) } if err := s.srv.Serve(s.listener); err != http.ErrServerClosed { @@ -309,6 +310,6 @@ func (s *Server) Serve(ctx context.Context) error { // Shutdown closes gracefully all active connections. func (s *Server) Shutdown(ctx context.Context) error { - level.Info(s.logger).Log("msg", "shutting down web server") + s.logger.Info("shutting down web server") return s.srv.Shutdown(ctx) } diff --git a/pkg/thanos/operator.go b/pkg/thanos/operator.go index 54f31e7c4d4..8a0302a987d 100644 --- a/pkg/thanos/operator.go +++ b/pkg/thanos/operator.go @@ -17,6 +17,7 @@ package thanos import ( "context" "fmt" + "log/slog" "strings" "time" @@ -59,7 +60,8 @@ type Operator struct { kclient kubernetes.Interface mdClient metadata.Interface mclient monitoringclient.Interface - logger log.Logger + + logger *slog.Logger accessor *operator.Accessor controllerID string @@ -94,9 +96,19 @@ type Config struct { Labels operator.Map } +type ControllerOption func(*Operator) + +// WithStorageClassValidation tells that the controller should verify that the +// Prometheus spec references a valid StorageClass name. +func WithStorageClassValidation() ControllerOption { + return func(o *Operator) { + o.canReadStorageClass = true + } +} + // New creates a new controller. -func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger log.Logger, r prometheus.Registerer, canReadStorageClass bool, erf operator.EventRecorderFactory) (*Operator, error) { - logger = log.With(logger, "component", controllerName) +func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger *slog.Logger, r prometheus.Registerer, options ...ControllerOption) (*Operator, error) { + logger = logger.With("component", controllerName) client, err := kubernetes.NewForConfig(restConfig) if err != nil { @@ -117,16 +129,15 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger r = prometheus.WrapRegistererWith(prometheus.Labels{"controller": "thanos"}, r) o := &Operator{ - kclient: client, - mdClient: mdClient, - mclient: mclient, - logger: logger, - accessor: operator.NewAccessor(logger), - metrics: operator.NewMetrics(r), - eventRecorder: erf(client, controllerName), - reconciliations: &operator.ReconciliationTracker{}, - controllerID: c.ControllerID, - canReadStorageClass: canReadStorageClass, + kclient: client, + mdClient: mdClient, + mclient: mclient, + logger: logger, + accessor: operator.NewAccessor(logger), + metrics: operator.NewMetrics(r), + eventRecorder: c.EventRecorderFactory(client, controllerName), + reconciliations: &operator.ReconciliationTracker{}, + controllerID: c.ControllerID, config: Config{ ReloaderConfig: c.ReloaderConfig, ThanosDefaultBaseImage: c.ThanosDefaultBaseImage, @@ -135,6 +146,9 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger LocalHost: c.LocalHost, }, } + for _, opt := range options { + opt(o) + } o.rr = operator.NewResourceReconciler( o.logger, @@ -183,6 +197,16 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger } o.metrics.MustRegister(newThanosRulerCollectorForStores(thanosStores...)) + o.rr = operator.NewResourceReconciler( + o.logger, + o, + o.thanosRulerInfs, + o.metrics, + monitoringv1.ThanosRulerKind, + r, + o.controllerID, + ) + o.ruleInfs, err = informers.NewInformersForResource( informers.NewMonitoringInformerFactories( c.Namespaces.AllowList, @@ -224,7 +248,7 @@ func New(ctx context.Context, restConfig *rest.Config, c operator.Config, logger return nil, err } - level.Debug(o.logger).Log("msg", "creating namespace informer", "privileged", privileged) + o.logger.Debug("creating namespace informer", "privileged", privileged) return cache.NewSharedIndexInformer( o.metrics.NewInstrumentedListerWatcher(lw), &v1.Namespace{}, @@ -262,7 +286,7 @@ func (o *Operator) waitForCacheSync(ctx context.Context) error { {"StatefulSet", o.ssetInfs}, } { for _, inf := range infs.informersForResource.GetInformers() { - if !operator.WaitForNamedCacheSync(ctx, "thanos", log.With(o.logger, "informer", infs.name), inf.Informer()) { + if !operator.WaitForNamedCacheSync(ctx, "thanos", o.logger.With("informer", infs.name), inf.Informer()) { return fmt.Errorf("failed to sync cache for %s informer", infs.name) } } @@ -275,12 +299,12 @@ func (o *Operator) waitForCacheSync(ctx context.Context) error { {"ThanosRulerNamespace", o.nsThanosRulerInf}, {"RuleNamespace", o.nsRuleInf}, } { - if !operator.WaitForNamedCacheSync(ctx, "thanos", log.With(o.logger, "informer", inf.name), inf.informer) { + if !operator.WaitForNamedCacheSync(ctx, "thanos", o.logger.With("informer", inf.name), inf.informer) { return fmt.Errorf("failed to sync cache for %s informer", inf.name) } } - level.Info(o.logger).Log("msg", "successfully synced all caches") + o.logger.Info("successfully synced all caches") return nil } @@ -353,7 +377,7 @@ func (o *Operator) Iterate(processFn func(metav1.Object, []monitoringv1.Conditio a := o.(*monitoringv1.ThanosRuler) processFn(a, a.Status.Conditions) }); err != nil { - level.Error(o.logger).Log("msg", "failed to list ThanosRuler objects", "err", err) + o.logger.Error("failed to list ThanosRuler objects", "err", err) } } @@ -362,32 +386,6 @@ func (o *Operator) RefreshStatusFor(obj metav1.Object) { o.rr.EnqueueForStatus(obj) } -// Resolve implements the operator.Syncer interface. -func (o *Operator) Resolve(ss *appsv1.StatefulSet) metav1.Object { - key, ok := o.accessor.MetaNamespaceKey(ss) - if !ok { - return nil - } - - thanosKey := statefulSetKeyToThanosKey(key) - tr, err := o.thanosRulerInfs.Get(thanosKey) - if apierrors.IsNotFound(err) { - return nil - } - - if err != nil { - level.Error(o.logger).Log("msg", "ThanosRuler lookup failed", "err", err) - return nil - } - - return tr.(*monitoringv1.ThanosRuler) -} - -func statefulSetKeyToThanosKey(key string) string { - keyParts := strings.Split(key, "/") - return keyParts[0] + "/" + strings.TrimPrefix(keyParts[1], "thanos-ruler-") -} - func thanosKeyToStatefulSetKey(key string) string { keyParts := strings.Split(key, "/") return keyParts[0] + "/thanos-ruler-" + keyParts[1] @@ -397,14 +395,14 @@ func (o *Operator) handleNamespaceUpdate(oldo, curo interface{}) { old := oldo.(*v1.Namespace) cur := curo.(*v1.Namespace) - level.Debug(o.logger).Log("msg", "update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) + o.logger.Debug("update handler", "namespace", cur.GetName(), "old", old.ResourceVersion, "cur", cur.ResourceVersion) // Periodic resync may resend the Namespace without changes in-between. if old.ResourceVersion == cur.ResourceVersion { return } - level.Debug(o.logger).Log("msg", "Namespace updated", "namespace", cur.GetName()) + o.logger.Debug("Namespace updated", "namespace", cur.GetName()) o.metrics.TriggerByCounter("Namespace", operator.UpdateEvent).Inc() // Check for ThanosRuler instances selecting PrometheusRules in the namespace. @@ -413,7 +411,8 @@ func (o *Operator) handleNamespaceUpdate(oldo, curo interface{}) { sync, err := k8sutil.LabelSelectionHasChanged(old.Labels, cur.Labels, tr.Spec.RuleNamespaceSelector) if err != nil { - level.Error(o.logger).Log( + o.logger.Error( + "failed to detect label selection change", "err", err, "name", tr.Name, "namespace", tr.Namespace, @@ -426,8 +425,7 @@ func (o *Operator) handleNamespaceUpdate(oldo, curo interface{}) { } }) if err != nil { - level.Error(o.logger).Log( - "msg", "listing all ThanosRuler instances from cache failed", + o.logger.Error("listing all ThanosRuler instances from cache failed", "err", err, ) } @@ -467,8 +465,12 @@ func (o *Operator) sync(ctx context.Context, key string) error { return nil } - logger := log.With(o.logger, "key", key) - level.Info(logger).Log("msg", "sync thanos-ruler") + logger := o.logger.With("key", key) + logger.Info("sync thanos-ruler") + + if err := operator.CheckStorageClass(ctx, o.canReadStorageClass, o.kclient, tr.Spec.Storage); err != nil { + return err + } if err := operator.CheckStorageClass(ctx, o.canReadStorageClass, o.kclient, tr.Spec.Storage); err != nil { return err @@ -492,7 +494,7 @@ func (o *Operator) sync(ctx context.Context, key string) error { // Create governing service if it doesn't exist. svcClient := o.kclient.CoreV1().Services(tr.Namespace) - if err = k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(tr, o.config)); err != nil { + if _, err = k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(tr, o.config)); err != nil { return fmt.Errorf("synchronizing governing service failed: %w", err) } @@ -533,11 +535,12 @@ func (o *Operator) sync(ctx context.Context, key string) error { operator.SanitizeSTS(sset) - if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[sSetInputHashName] { - level.Debug(logger).Log("msg", "new statefulset generation inputs match current, skipping any actions") + if newSSetInputHash == existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName] { + logger.Debug("new statefulset generation inputs match current, skipping any actions", "hash", newSSetInputHash) return nil } + logger.Debug("new hash differs from the existing value", "new", newSSetInputHash, "existing", existingStatefulSet.ObjectMeta.Annotations[operator.InputHashAnnotationName]) ssetClient := o.kclient.AppsV1().StatefulSets(tr.Namespace) err = k8sutil.UpdateStatefulSet(ctx, ssetClient, sset) sErr, ok := err.(*apierrors.StatusError) @@ -551,7 +554,7 @@ func (o *Operator) sync(ctx context.Context, key string) error { failMsg[i] = cause.Message } - level.Info(logger).Log("msg", "recreating ThanosRuler StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) + logger.Info("recreating ThanosRuler StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", ")) propagationPolicy := metav1.DeletePropagationForeground if err := ssetClient.Delete(ctx, sset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil { return fmt.Errorf("failed to delete StatefulSet to avoid forbidden action: %w", err) @@ -572,7 +575,7 @@ func (o *Operator) getThanosRulerFromKey(key string) (*monitoringv1.ThanosRuler, obj, err := o.thanosRulerInfs.Get(key) if err != nil { if apierrors.IsNotFound(err) { - level.Info(o.logger).Log("msg", "ThanosRuler not found", "key", key) + o.logger.Info("ThanosRuler not found", "key", key) return nil, nil } return nil, fmt.Errorf("failed to retrieve ThanosRuler from informer: %w", err) @@ -590,7 +593,7 @@ func (o *Operator) getStatefulSetFromThanosRulerKey(key string) (*appsv1.Statefu obj, err := o.ssetInfs.Get(ssetName) if err != nil { if apierrors.IsNotFound(err) { - level.Info(o.logger).Log("msg", "StatefulSet not found", "key", ssetName) + o.logger.Info("StatefulSet not found", "key", ssetName) return nil, nil } return nil, fmt.Errorf("failed to retrieve StatefulSet from informer: %w", err) @@ -691,15 +694,13 @@ func (o *Operator) enqueueForRulesNamespace(nsName string) { func (o *Operator) enqueueForNamespace(store cache.Store, nsName string) { nsObject, exists, err := store.GetByKey(nsName) if err != nil { - level.Error(o.logger).Log( - "msg", "get namespace to enqueue ThanosRuler instances failed", + o.logger.Error("get namespace to enqueue ThanosRuler instances failed", "err", err, ) return } if !exists { - level.Error(o.logger).Log( - "msg", "get namespace to enqueue ThanosRuler instances failed: namespace does not exist", + o.logger.Error("get namespace to enqueue ThanosRuler instances failed: namespace does not exist", "namespace", nsName, ) return @@ -718,7 +719,7 @@ func (o *Operator) enqueueForNamespace(store cache.Store, nsName string) { // the namespace. ruleNSSelector, err := metav1.LabelSelectorAsSelector(tr.Spec.RuleNamespaceSelector) if err != nil { - level.Error(o.logger).Log( + o.logger.Error("", "err", fmt.Errorf("failed to convert RuleNamespaceSelector: %w", err), "name", tr.Name, "namespace", tr.Namespace, @@ -733,8 +734,7 @@ func (o *Operator) enqueueForNamespace(store cache.Store, nsName string) { } }) if err != nil { - level.Error(o.logger).Log( - "msg", "listing all ThanosRuler instances from cache failed", + o.logger.Error("listing all ThanosRuler instances from cache failed", "err", err, ) } diff --git a/pkg/thanos/operator_test.go b/pkg/thanos/operator_test.go index fd4e3aca2f5..678852509b3 100644 --- a/pkg/thanos/operator_test.go +++ b/pkg/thanos/operator_test.go @@ -16,13 +16,13 @@ package thanos import ( "testing" + + "github.com/stretchr/testify/require" ) func TestListOptions(t *testing.T) { for i := 0; i < 1000; i++ { o := ListOptions("test") - if o.LabelSelector != "app.kubernetes.io/name=thanos-ruler,thanos-ruler=test" && o.LabelSelector != "thanos-ruler=test,app.kubernetes.io/name=thanos-ruler" { - t.Fatalf("LabelSelector not computed correctly\n\nExpected: \"app.kubernetes.io/name=thanos-ruler,thanos-ruler=test\"\n\nGot: %#+v", o.LabelSelector) - } + require.True(t, o.LabelSelector == "app.kubernetes.io/name=thanos-ruler,thanos-ruler=test" || o.LabelSelector == "thanos-ruler=test,app.kubernetes.io/name=thanos-ruler") } } diff --git a/pkg/thanos/rules.go b/pkg/thanos/rules.go index 2890f8499fd..405c3b9685b 100644 --- a/pkg/thanos/rules.go +++ b/pkg/thanos/rules.go @@ -18,14 +18,12 @@ import ( "context" "fmt" "reflect" - "sort" "strings" - "github.com/go-kit/log" - "github.com/go-kit/log/level" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/prometheus-operator/prometheus-operator/internal/util" "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" namespacelabeler "github.com/prometheus-operator/prometheus-operator/pkg/namespacelabeler" @@ -34,12 +32,6 @@ import ( const labelThanosRulerName = "thanos-ruler-name" -// The maximum `Data` size of a ConfigMap seems to differ between -// environments. This is probably due to different meta data sizes which count -// into the overall maximum size of a ConfigMap. Thereby lets leave a -// large buffer. -var maxConfigMapDataSize = int(float64(v1.MaxSecretSize) * 0.5) - func (o *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, t *monitoringv1.ThanosRuler) ([]string, error) { cClient := o.kclient.CoreV1().ConfigMaps(t.Namespace) @@ -65,7 +57,7 @@ func (o *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, t *monitori false, ) - logger := log.With(o.logger, "thanos", t.Name, "namespace", t.Namespace) + logger := o.logger.With("thanos", t.Name, "namespace", t.Namespace) thanosVersion := operator.StringValOrDefault(t.Spec.Version, operator.DefaultThanosVersion) promRuleSelector, err := operator.NewPrometheusRuleSelector(operator.ThanosFormat, thanosVersion, t.Spec.RuleSelector, nsLabeler, o.ruleInfs, o.eventRecorder, logger) @@ -98,8 +90,7 @@ func (o *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, t *monitori equal := reflect.DeepEqual(newRules, currentRules) if equal && len(currentConfigMaps) != 0 { - level.Debug(o.logger).Log( - "msg", "no PrometheusRule changes", + o.logger.Debug("no PrometheusRule changes", "namespace", t.Namespace, "thanos", t.Name, ) @@ -126,8 +117,7 @@ func (o *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, t *monitori } if len(currentConfigMaps) == 0 { - level.Debug(o.logger).Log( - "msg", "no PrometheusRule configmap found, creating new one", + o.logger.Debug("no PrometheusRule configmap found, creating new one", "namespace", t.Namespace, "thanos", t.Name, ) @@ -149,8 +139,7 @@ func (o *Operator) createOrUpdateRuleConfigMaps(ctx context.Context, t *monitori } } - level.Debug(o.logger).Log( - "msg", "updating PrometheusRule", + o.logger.Debug("updating PrometheusRule", "namespace", t.Namespace, "thanos", t.Name, ) @@ -186,8 +175,7 @@ func (o *Operator) selectRuleNamespaces(p *monitoringv1.ThanosRuler) ([]string, } } - level.Debug(o.logger).Log( - "msg", "selected RuleNamespaces", + o.logger.Debug("selected RuleNamespaces", "namespaces", strings.Join(namespaces, ","), "namespace", p.Namespace, "thanos", p.Name, @@ -205,15 +193,6 @@ func (o *Operator) selectRuleNamespaces(p *monitoringv1.ThanosRuler) ([]string, // simplicity should be sufficient. // [1] https://en.wikipedia.org/wiki/Bin_packing_problem#First-fit_algorithm func makeRulesConfigMaps(t *monitoringv1.ThanosRuler, ruleFiles map[string]string, opts ...operator.ObjectOption) ([]v1.ConfigMap, error) { - //check if none of the rule files is too large for a single ConfigMap - for filename, file := range ruleFiles { - if len(file) > maxConfigMapDataSize { - return nil, fmt.Errorf( - "rule file '%v' is too large for a single Kubernetes ConfigMap", - filename, - ) - } - } buckets := []map[string]string{ {}, @@ -222,15 +201,9 @@ func makeRulesConfigMaps(t *monitoringv1.ThanosRuler, ruleFiles map[string]strin // To make bin packing algorithm deterministic, sort ruleFiles filenames and // iterate over filenames instead of ruleFiles map (not deterministic). - fileNames := []string{} - for n := range ruleFiles { - fileNames = append(fileNames, n) - } - sort.Strings(fileNames) - - for _, filename := range fileNames { + for _, filename := range util.SortedKeys(ruleFiles) { // If rule file doesn't fit into current bucket, create new bucket. - if bucketSize(buckets[currBucketIndex])+len(ruleFiles[filename]) > maxConfigMapDataSize { + if bucketSize(buckets[currBucketIndex])+len(ruleFiles[filename]) > operator.MaxConfigMapDataSize { buckets = append(buckets, map[string]string{}) currBucketIndex++ } diff --git a/pkg/thanos/statefulset.go b/pkg/thanos/statefulset.go index beb45f365a4..4e25ef68424 100644 --- a/pkg/thanos/statefulset.go +++ b/pkg/thanos/statefulset.go @@ -19,7 +19,6 @@ import ( "fmt" "net/url" "path" - "strings" "github.com/blang/semver/v4" appsv1 "k8s.io/api/apps/v1" @@ -46,7 +45,6 @@ const ( defaultRetention = "24h" defaultEvaluationInterval = "15s" defaultReplicaLabelName = "thanos_ruler_replica" - sSetInputHashName = "prometheus-operator-input-hash" ) var ( @@ -67,43 +65,34 @@ func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapN return nil, err } - annotations := map[string]string{ - sSetInputHashName: inputHash, - } - - // do not transfer kubectl annotations to the statefulset so it is not - // pruned by kubectl - for key, value := range tr.ObjectMeta.Annotations { - if key != sSetInputHashName && !strings.HasPrefix(key, "kubectl.kubernetes.io/") { - annotations[key] = value - } - } - statefulset := &appsv1.StatefulSet{Spec: *spec} - operator.UpdateObject( statefulset, operator.WithName(prefixedName(tr.Name)), - operator.WithAnnotations(annotations), + operator.WithInputHashAnnotation(inputHash), + operator.WithAnnotations(tr.GetAnnotations()), operator.WithAnnotations(config.Annotations), operator.WithLabels(tr.GetLabels()), operator.WithLabels(config.Labels), - operator.WithOwner(tr), + operator.WithManagingOwner(tr), + operator.WithoutKubectlAnnotations(), ) - if tr.Spec.ImagePullSecrets != nil && len(tr.Spec.ImagePullSecrets) > 0 { + if len(tr.Spec.ImagePullSecrets) > 0 { statefulset.Spec.Template.Spec.ImagePullSecrets = tr.Spec.ImagePullSecrets } storageSpec := tr.Spec.Storage - if storageSpec == nil { + switch { + case storageSpec == nil: statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(tr.Name), VolumeSource: v1.VolumeSource{ EmptyDir: &v1.EmptyDirVolumeSource{}, }, }) - } else if storageSpec.EmptyDir != nil { + + case storageSpec.EmptyDir != nil: emptyDir := storageSpec.EmptyDir statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(tr.Name), @@ -111,7 +100,8 @@ func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapN EmptyDir: emptyDir, }, }) - } else if storageSpec.Ephemeral != nil { + + case storageSpec.Ephemeral != nil: ephemeral := storageSpec.Ephemeral statefulset.Spec.Template.Spec.Volumes = append(statefulset.Spec.Template.Spec.Volumes, v1.Volume{ Name: volumeName(tr.Name), @@ -119,7 +109,8 @@ func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapN Ephemeral: ephemeral, }, }) - } else { + + default: // storageSpec.VolumeClaimTemplate pvcTemplate := operator.MakeVolumeClaimTemplate(storageSpec.VolumeClaimTemplate) if pvcTemplate.Name == "" { pvcTemplate.Name = volumeName(tr.Name) @@ -450,12 +441,12 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig minReadySeconds = int32(*tr.Spec.MinReadySeconds) } - // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 - // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - return &appsv1.StatefulSetSpec{ - ServiceName: governingServiceName, - Replicas: tr.Spec.Replicas, - MinReadySeconds: minReadySeconds, + spec := appsv1.StatefulSetSpec{ + ServiceName: governingServiceName, + Replicas: tr.Spec.Replicas, + MinReadySeconds: minReadySeconds, + // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 + // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations PodManagementPolicy: appsv1.ParallelPodManagement, UpdateStrategy: appsv1.StatefulSetUpdateStrategy{ Type: appsv1.RollingUpdateStatefulSetStrategyType, @@ -483,7 +474,12 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig HostAliases: operator.MakeHostAliases(tr.Spec.HostAliases), }, }, - }, nil + } + + k8sutil.UpdateDNSConfig(&spec.Template.Spec, tr.Spec.DNSConfig) + k8sutil.UpdateDNSPolicy(&spec.Template.Spec, tr.Spec.DNSPolicy) + + return &spec, nil } func makeStatefulSetService(tr *monitoringv1.ThanosRuler, config Config) *v1.Service { diff --git a/pkg/thanos/statefulset_test.go b/pkg/thanos/statefulset_test.go index ca4fd6ef6b6..3c964bc05e6 100644 --- a/pkg/thanos/statefulset_test.go +++ b/pkg/thanos/statefulset_test.go @@ -16,7 +16,6 @@ package thanos import ( "fmt" - "reflect" "strings" "testing" @@ -25,6 +24,7 @@ import ( appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "github.com/prometheus-operator/prometheus-operator/pkg/operator" @@ -69,15 +69,9 @@ func TestStatefulSetLabelingAndAnnotations(t *testing.T) { require.NoError(t, err) - if !reflect.DeepEqual(labels, sset.Labels) { - t.Log(pretty.Compare(labels, sset.Labels)) - t.Fatal("Labels are not properly being propagated to the StatefulSet") - } + require.Equal(t, labels, sset.Labels, pretty.Compare(labels, sset.Labels)) - if !reflect.DeepEqual(expectedAnnotations, sset.Annotations) { - t.Log(pretty.Compare(expectedAnnotations, sset.Annotations)) - t.Fatal("Annotations are not properly being propagated to the StatefulSet") - } + require.Equal(t, expectedAnnotations, sset.Annotations, pretty.Compare(expectedAnnotations, sset.Annotations)) } func TestPodLabelsAnnotations(t *testing.T) { @@ -98,12 +92,12 @@ func TestPodLabelsAnnotations(t *testing.T) { }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) require.NoError(t, err) - if val, ok := sset.Spec.Template.ObjectMeta.Labels["testlabel"]; !ok || val != "testvalue" { - t.Fatal("Pod labels are not properly propagated") - } - if val, ok := sset.Spec.Template.ObjectMeta.Annotations["testannotation"]; !ok || val != "testvalue" { - t.Fatal("Pod annotations are not properly propagated") - } + + valLabel := sset.Spec.Template.ObjectMeta.Labels["testlabel"] + require.Equal(t, "testvalue", valLabel) + + valAnnotations := sset.Spec.Template.ObjectMeta.Annotations["testannotation"] + require.Equal(t, "testvalue", valAnnotations) } func TestThanosDefaultBaseImageFlag(t *testing.T) { @@ -119,10 +113,7 @@ func TestThanosDefaultBaseImageFlag(t *testing.T) { image := sset.Spec.Template.Spec.Containers[0].Image expected := "nondefaultuseflag/quay.io/thanos/thanos" + ":" + operator.DefaultThanosVersion - if image != expected { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", expected, image) - } - + require.Equal(t, expected, image) } func TestStatefulSetVolumes(t *testing.T) { @@ -240,15 +231,8 @@ func TestStatefulSetVolumes(t *testing.T) { }, }, defaultTestConfig, []string{"rules-configmap-one"}, "", &operator.ShardedSecret{}) require.NoError(t, err) - if !reflect.DeepEqual(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes) { - fmt.Println(pretty.Compare(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes)) - t.Fatal("expected volumes to match") - } - - if !reflect.DeepEqual(expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts) { - fmt.Println(pretty.Compare(expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts)) - t.Fatal("expected volume mounts to match") - } + require.Equal(t, expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes) + require.Equal(t, expected.Spec.Template.Spec.Containers[0].VolumeMounts, sset.Spec.Template.Spec.Containers[0].VolumeMounts) } func TestTracing(t *testing.T) { @@ -272,13 +256,9 @@ func TestTracing(t *testing.T) { }, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != containerName { - t.Fatalf("expected 1st containers to be thanos-ruler, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } + require.Equal(t, containerName, sset.Spec.Template.Spec.Containers[0].Name) { var containsVolume bool for _, volume := range sset.Spec.Template.Spec.Volumes { @@ -289,9 +269,7 @@ func TestTracing(t *testing.T) { } } } - if !containsVolume { - t.Fatalf("Thanos ruler is missing tracing-config volume with correct secret name and key") - } + require.True(t, containsVolume) } { var containsVolumeMount bool @@ -300,9 +278,7 @@ func TestTracing(t *testing.T) { containsVolumeMount = true } } - if !containsVolumeMount { - t.Fatalf("Thanos ruler is missing tracing-config volume mount with correct name and mountPath") - } + require.True(t, containsVolumeMount) } { const expectedArg = "--tracing.config-file=" + fullPath @@ -313,9 +289,44 @@ func TestTracing(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArg) + require.True(t, containsArg) + } +} + +func TestTracingFile(t *testing.T) { + testPath := "/vault/secret/config.yaml" + testKey := "thanos-tracing-config-secret" + + sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.ThanosRulerSpec{ + QueryEndpoints: emptyQueryEndpoints, + TracingConfigFile: testPath, + TracingConfig: &v1.SecretKeySelector{ + Key: testKey, + }, + }, + }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) + require.NoError(t, err) + + { + var containsArgConfigFile, containsArgConfig bool + expectedArgConfigFile := "--tracing.config-file=" + testPath + expectedArgConfig := "--tracing.config=$(TRACING_CONFIG)" + for _, container := range sset.Spec.Template.Spec.Containers { + if container.Name == "thanos-ruler" { + for _, arg := range container.Args { + if arg == expectedArgConfigFile { + containsArgConfigFile = true + } + if arg == expectedArgConfig { + containsArgConfig = true + } + } + } } + require.True(t, containsArgConfigFile) + require.False(t, containsArgConfig) } } @@ -383,13 +394,9 @@ func TestObjectStorage(t *testing.T) { }, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != containerName { - t.Fatalf("expected 1st containers to be thanos-ruler, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } + require.Equal(t, containerName, sset.Spec.Template.Spec.Containers[0].Name) { var containsVolume bool for _, volume := range sset.Spec.Template.Spec.Volumes { @@ -400,9 +407,7 @@ func TestObjectStorage(t *testing.T) { } } } - if !containsVolume { - t.Fatalf("Thanos ruler is missing objstorage-config volume with correct secret name and key") - } + require.True(t, containsVolume) } { var containsVolumeMount bool @@ -411,9 +416,7 @@ func TestObjectStorage(t *testing.T) { containsVolumeMount = true } } - if !containsVolumeMount { - t.Fatalf("Thanos ruler is missing objstorage-config volume mount with correct name and mountPath") - } + require.True(t, containsVolumeMount) } { const expectedArg = "--objstore.config-file=" + fullPath @@ -424,9 +427,7 @@ func TestObjectStorage(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg) } } @@ -444,9 +445,7 @@ func TestObjectStorageFile(t *testing.T) { }, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) { var containsArgConfigFile, containsArgConfig bool @@ -464,12 +463,8 @@ func TestObjectStorageFile(t *testing.T) { } } } - if !containsArgConfigFile { - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArgConfigFile) - } - if containsArgConfig { - t.Fatalf("Thanos ruler should not contain argument: %s", expectedArgConfig) - } + require.True(t, containsArgConfigFile) + require.False(t, containsArgConfig) } } @@ -494,13 +489,9 @@ func TestAlertRelabel(t *testing.T) { }, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) - if sset.Spec.Template.Spec.Containers[0].Name != containerName { - t.Fatalf("expected 1st containers to be thanos-ruler, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } + require.Equal(t, containerName, sset.Spec.Template.Spec.Containers[0].Name) { var containsVolume bool for _, volume := range sset.Spec.Template.Spec.Volumes { @@ -511,9 +502,7 @@ func TestAlertRelabel(t *testing.T) { } } } - if !containsVolume { - t.Fatalf("Thanos ruler is missing alertrelabel-config volume with correct secret name and key") - } + require.True(t, containsVolume) } { var containsVolumeMount bool @@ -522,9 +511,7 @@ func TestAlertRelabel(t *testing.T) { containsVolumeMount = true } } - if !containsVolumeMount { - t.Fatalf("Thanos ruler is missing alertrelabel-config volume mount with correct name and mountPath") - } + require.True(t, containsVolumeMount) } { const expectedArg = "--alert.relabel-config-file=" + fullPath @@ -535,9 +522,7 @@ func TestAlertRelabel(t *testing.T) { break } } - if !containsArg { - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArg) - } + require.True(t, containsArg) } } @@ -555,9 +540,7 @@ func TestAlertRelabelFile(t *testing.T) { }, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) { var containsArgConfigFile, containsArgConfigs bool @@ -575,12 +558,8 @@ func TestAlertRelabelFile(t *testing.T) { } } } - if !containsArgConfigFile { - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArgConfigFile) - } - if containsArgConfigs { - t.Fatalf("Thanos ruler should not contain argument: %s", expectedArgConfigs) - } + require.True(t, containsArgConfigFile) + require.False(t, containsArgConfigs) } } @@ -656,14 +635,10 @@ func TestLabelsAndAlertDropLabels(t *testing.T) { AlertDropLabels: tc.AlertDropLabels, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) ruler := sset.Spec.Template.Spec.Containers[0] - if ruler.Name != "thanos-ruler" { - t.Fatalf("Expected 1st containers to be thanos-ruler, got %s", ruler.Name) - } + require.Equal(t, "thanos-ruler", ruler.Name) for _, arg := range ruler.Args { if strings.HasPrefix(arg, labelPrefix) { @@ -672,13 +647,8 @@ func TestLabelsAndAlertDropLabels(t *testing.T) { actualDropLabels = append(actualDropLabels, strings.TrimPrefix(arg, alertDropLabelPrefix)) } } - if !reflect.DeepEqual(actualLabels, tc.ExpectedLabels) { - t.Fatalf("labels mismatch expected %v but got %v", tc.ExpectedLabels, actualLabels) - } - - if !reflect.DeepEqual(actualDropLabels, tc.ExpectedAlertDropLabels) { - t.Fatalf("alert drop labels mismatch, expected %v, but got %v", tc.ExpectedAlertDropLabels, actualDropLabels) - } + require.Equal(t, tc.ExpectedLabels, actualLabels) + require.Equal(t, tc.ExpectedAlertDropLabels, actualDropLabels) }) } } @@ -703,9 +673,7 @@ func TestAdditionalContainers(t *testing.T) { }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) require.NoError(t, err) - if len(baseSet.Spec.Template.Spec.Containers)+1 != len(addSset.Spec.Template.Spec.Containers) { - t.Fatalf("container count mismatch") - } + require.Len(t, addSset.Spec.Template.Spec.Containers, len(baseSet.Spec.Template.Spec.Containers)+1) // Adding a new container with the same name results in a merge and just one container const existingContainerName = "thanos-ruler" @@ -723,15 +691,11 @@ func TestAdditionalContainers(t *testing.T) { }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) require.NoError(t, err) - if len(baseSet.Spec.Template.Spec.Containers) != len(modSset.Spec.Template.Spec.Containers) { - t.Fatalf("container count mismatch. container %s was added instead of merged", existingContainerName) - } + require.Equal(t, len(baseSet.Spec.Template.Spec.Containers), len(modSset.Spec.Template.Spec.Containers)) // Check that adding a container with an existing name results in a single patched container. for _, c := range modSset.Spec.Template.Spec.Containers { - if c.Name == existingContainerName && c.Image != containerImage { - t.Fatalf("expected container %s to have the image %s but got %s", existingContainerName, containerImage, c.Image) - } + require.False(t, c.Name == existingContainerName && c.Image != containerImage) } } @@ -750,9 +714,7 @@ func TestRetention(t *testing.T) { }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("expecting no error but got %q", err) - } + require.NoError(t, err) trArgs := sset.Spec.Template.Spec.Containers[0].Args expectedRetentionArg := fmt.Sprintf("--tsdb.retention=%s", tc.expectedRetention) @@ -764,9 +726,7 @@ func TestRetention(t *testing.T) { } } - if !found { - t.Fatalf("expected ThanosRuler args to contain %v, but got %v", expectedRetentionArg, trArgs) - } + require.True(t, found) }) } } @@ -834,52 +794,24 @@ func TestPodTemplateConfig(t *testing.T) { AdditionalArgs: additionalArgs, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } + require.NoError(t, err) - if !reflect.DeepEqual(sset.Spec.Template.Spec.NodeSelector, nodeSelector) { - t.Fatalf("expected node selector to match, want %v, got %v", nodeSelector, sset.Spec.Template.Spec.NodeSelector) - } - if !reflect.DeepEqual(*sset.Spec.Template.Spec.Affinity, affinity) { - t.Fatalf("expected affinity to match, want %v, got %v", affinity, *sset.Spec.Template.Spec.Affinity) - } - if !reflect.DeepEqual(sset.Spec.Template.Spec.Tolerations, tolerations) { - t.Fatalf("expected tolerations to match, want %v, got %v", tolerations, sset.Spec.Template.Spec.Tolerations) - } - if !reflect.DeepEqual(*sset.Spec.Template.Spec.SecurityContext, securityContext) { - t.Fatalf("expected security context to match, want %v, got %v", securityContext, *sset.Spec.Template.Spec.SecurityContext) - } - if sset.Spec.Template.Spec.PriorityClassName != priorityClassName { - t.Fatalf("expected priority class name to match, want %s, got %s", priorityClassName, sset.Spec.Template.Spec.PriorityClassName) - } - if sset.Spec.Template.Spec.ServiceAccountName != serviceAccountName { - t.Fatalf("expected service account name to match, want %s, got %s", serviceAccountName, sset.Spec.Template.Spec.ServiceAccountName) - } - if len(sset.Spec.Template.Spec.HostAliases) != len(hostAliases) { - t.Fatalf("expected length of host aliases to match, want %d, got %d", len(hostAliases), len(sset.Spec.Template.Spec.HostAliases)) - } - if !reflect.DeepEqual(sset.Spec.Template.Spec.ImagePullSecrets, imagePullSecrets) { - t.Fatalf("expected image pull secrets to match, want %s, got %s", imagePullSecrets, sset.Spec.Template.Spec.ImagePullSecrets) - } + require.Equal(t, nodeSelector, sset.Spec.Template.Spec.NodeSelector) + require.Equal(t, affinity, *sset.Spec.Template.Spec.Affinity) + require.Equal(t, tolerations, sset.Spec.Template.Spec.Tolerations) + require.Equal(t, securityContext, *sset.Spec.Template.Spec.SecurityContext) + require.Equal(t, priorityClassName, sset.Spec.Template.Spec.PriorityClassName) + require.Equal(t, serviceAccountName, sset.Spec.Template.Spec.ServiceAccountName) + require.Equal(t, len(hostAliases), len(sset.Spec.Template.Spec.HostAliases)) + require.Equal(t, imagePullSecrets, sset.Spec.Template.Spec.ImagePullSecrets) for _, initContainer := range sset.Spec.Template.Spec.InitContainers { - if !reflect.DeepEqual(initContainer.ImagePullPolicy, imagePullPolicy) { - t.Fatalf("expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, sset.Spec.Template.Spec.Containers[0].ImagePullPolicy) - } + require.Equal(t, imagePullPolicy, initContainer.ImagePullPolicy) } for _, container := range sset.Spec.Template.Spec.Containers { - if !reflect.DeepEqual(container.ImagePullPolicy, imagePullPolicy) { - t.Fatalf("expected imagePullPolicy to match, want %s, got %s", imagePullPolicy, sset.Spec.Template.Spec.Containers[0].ImagePullPolicy) - } - } - if !strings.Contains( - sset.Spec.Template.Spec.Containers[0].Args[len(sset.Spec.Template.Spec.Containers[0].Args)-1], - "--additional.arg=additional-arg-value") { - t.Fatalf("expected additional arguments to match, want %s, got %s", additionalArgs, sset.Spec.Template.Spec.Containers[0].Args[len(sset.Spec.Template.Spec.Containers[0].Args)-1]) - } - if sset.Spec.Template.Spec.Containers[0].Args[0] != "rule" { - t.Fatalf("expected first argument to match, want `rule`, got %s", sset.Spec.Template.Spec.Containers[0].Args[0]) + require.Equal(t, imagePullPolicy, container.ImagePullPolicy) } + require.Contains(t, sset.Spec.Template.Spec.Containers[0].Args[len(sset.Spec.Template.Spec.Containers[0].Args)-1], "--additional.arg=additional-arg-value") + require.Equal(t, "rule", sset.Spec.Template.Spec.Containers[0].Args[0]) } func TestExternalQueryURL(t *testing.T) { @@ -889,13 +821,8 @@ func TestExternalQueryURL(t *testing.T) { QueryEndpoints: emptyQueryEndpoints, }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if err != nil { - t.Fatalf("Unexpected error while making StatefulSet: %v", err) - } - - if sset.Spec.Template.Spec.Containers[0].Name != containerName { - t.Fatalf("expected 1st containers to be thanos-ruler, got %s", sset.Spec.Template.Spec.Containers[0].Name) - } + require.NoError(t, err) + require.Equal(t, containerName, sset.Spec.Template.Spec.Containers[0].Name) const expectedArg = "--alert.query-url=https://example.com/" for _, arg := range sset.Spec.Template.Spec.Containers[0].Args { @@ -903,7 +830,7 @@ func TestExternalQueryURL(t *testing.T) { return } } - t.Fatalf("Thanos ruler is missing expected argument: %s", expectedArg) + require.FailNow(t, "Thanos ruler is missing expected argument: %s", expectedArg) } func TestSidecarResources(t *testing.T) { @@ -934,23 +861,29 @@ func TestStatefulSetMinReadySeconds(t *testing.T) { } statefulSet, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{}) - if err != nil { - t.Fatal(err) - } - if statefulSet.MinReadySeconds != 0 { - t.Fatalf("expected MinReadySeconds to be zero but got %d", statefulSet.MinReadySeconds) - } + require.NoError(t, err) + require.Equal(t, int32(0), statefulSet.MinReadySeconds) // assert set correctly if not nil var expect uint32 = 5 tr.Spec.MinReadySeconds = &expect statefulSet, err = makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{}) - if err != nil { - t.Fatal(err) - } - if statefulSet.MinReadySeconds != int32(expect) { - t.Fatalf("expected MinReadySeconds to be %d but got %d", expect, statefulSet.MinReadySeconds) + require.NoError(t, err) + require.Equal(t, int32(expect), statefulSet.MinReadySeconds) +} + +func TestStatefulSetServiceName(t *testing.T) { + tr := monitoringv1.ThanosRuler{ + Spec: monitoringv1.ThanosRulerSpec{ + QueryEndpoints: emptyQueryEndpoints, + }, } + + // assert set correctly + expect := governingServiceName + spec, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{}) + require.NoError(t, err) + require.Equal(t, expect, spec.ServiceName) } func TestStatefulSetServiceName(t *testing.T) { @@ -1006,9 +939,7 @@ func TestStatefulSetPVC(t *testing.T) { require.NoError(t, err) ssetPvc := sset.Spec.VolumeClaimTemplates[0] - if !reflect.DeepEqual(*pvc.Spec.StorageClassName, *ssetPvc.Spec.StorageClassName) { - t.Fatal("Error adding PVC Spec to StatefulSetSpec") - } + require.Equal(t, *pvc.Spec.StorageClassName, *ssetPvc.Spec.StorageClassName) } func TestStatefulEmptyDir(t *testing.T) { @@ -1038,9 +969,8 @@ func TestStatefulEmptyDir(t *testing.T) { require.NoError(t, err) ssetVolumes := sset.Spec.Template.Spec.Volumes - if ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir == nil || !reflect.DeepEqual(emptyDir.Medium, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir.Medium) { - t.Fatal("Error adding EmptyDir Spec to StatefulSetSpec") - } + require.NotNil(t, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir) + require.Equal(t, emptyDir.Medium, ssetVolumes[len(ssetVolumes)-1].VolumeSource.EmptyDir.Medium) } func TestStatefulSetEphemeral(t *testing.T) { @@ -1077,10 +1007,8 @@ func TestStatefulSetEphemeral(t *testing.T) { require.NoError(t, err) ssetVolumes := sset.Spec.Template.Spec.Volumes - if ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral == nil || - !reflect.DeepEqual(ephemeral.VolumeClaimTemplate.Spec.StorageClassName, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.StorageClassName) { - t.Fatal("Error adding Ephemeral Spec to StatefulSetSpec") - } + require.NotNil(t, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral) + require.Equal(t, ephemeral.VolumeClaimTemplate.Spec.StorageClassName, ssetVolumes[len(ssetVolumes)-1].VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.StorageClassName) } func TestThanosVersion(t *testing.T) { @@ -1104,16 +1032,47 @@ func TestThanosVersion(t *testing.T) { }, }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) - if tc.expectedError && err == nil { - t.Fatal("expected error but got nil") + if tc.expectedError { + require.Error(t, err) } if !tc.expectedError { image := sset.Spec.Template.Spec.Containers[0].Image - if image != tc.expectedImage { - t.Fatalf("Unexpected container image.\n\nExpected: %s\n\nGot: %s", tc.expectedImage, image) - } + require.Equal(t, tc.expectedImage, image) } }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.ThanosRulerSpec{ + QueryEndpoints: emptyQueryEndpoints, + DNSPolicy: ptr.To(monitoringv1.DNSClusterFirst), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) + require.NoError(t, err) + + require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match") + require.Equal(t, &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []v1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, sset.Spec.Template.Spec.DNSConfig, "expected DNS configuration to match") +} diff --git a/pkg/webconfig/config.go b/pkg/webconfig/config.go index f2d61cec3e6..f57771f45fb 100644 --- a/pkg/webconfig/config.go +++ b/pkg/webconfig/config.go @@ -56,12 +56,7 @@ func New(mountingDir string, secretName string, configFileFields monitoringv1.We var tlsCreds *tlsCredentials if tlsConfig != nil { - tlsCreds = &tlsCredentials{ - mountPath: mountingDir, - keySecret: tlsConfig.KeySecret, - cert: tlsConfig.Cert, - clientCA: tlsConfig.ClientCA, - } + tlsCreds = newTLSCredentials(mountingDir, tlsConfig.KeySecret, tlsConfig.KeyFile, tlsConfig.Cert, tlsConfig.CertFile, tlsConfig.ClientCA, tlsConfig.ClientCAFile) } return &Config{ @@ -139,12 +134,19 @@ func (c Config) addTLSServerConfigToYaml(cfg yaml.MapSlice) yaml.MapSlice { } tlsServerConfig := yaml.MapSlice{} - if certPath := c.tlsCredentials.getCertMountPath(); certPath != "" { - tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "cert_file", Value: fmt.Sprintf("%s/%s", certPath, c.tlsCredentials.getCertFilename())}) + + switch { + case c.tlsCredentials.certFile != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "cert_file", Value: c.tlsCredentials.certFile}) + case c.tlsCredentials.getCertMountPath() != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "cert_file", Value: fmt.Sprintf("%s/%s", c.tlsCredentials.getCertMountPath(), c.tlsCredentials.getCertFilename())}) } - if keyPath := c.tlsCredentials.getKeyMountPath(); keyPath != "" { - tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "key_file", Value: fmt.Sprintf("%s/%s", keyPath, c.tlsCredentials.getKeyFilename())}) + switch { + case c.tlsCredentials.keyFile != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "key_file", Value: c.tlsCredentials.keyFile}) + case c.tlsCredentials.getKeyMountPath() != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "key_file", Value: fmt.Sprintf("%s/%s", c.tlsCredentials.getKeyMountPath(), c.tlsCredentials.getKeyFilename())}) } if tls.ClientAuthType != "" { @@ -154,8 +156,11 @@ func (c Config) addTLSServerConfigToYaml(cfg yaml.MapSlice) yaml.MapSlice { }) } - if caPath := c.tlsCredentials.getCAMountPath(); caPath != "" { - tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "client_ca_file", Value: fmt.Sprintf("%s/%s", caPath, c.tlsCredentials.getCAFilename())}) + switch { + case c.tlsCredentials.clientCAFile != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "client_ca_file", Value: c.tlsCredentials.clientCAFile}) + case c.tlsCredentials.getCAMountPath() != "": + tlsServerConfig = append(tlsServerConfig, yaml.MapItem{Key: "client_ca_file", Value: fmt.Sprintf("%s/%s", c.tlsCredentials.getCAMountPath(), c.tlsCredentials.getCAFilename())}) } if tls.MinVersion != "" { diff --git a/pkg/webconfig/config_test.go b/pkg/webconfig/config_test.go index dc8b48d78f5..3457c5c28de 100644 --- a/pkg/webconfig/config_test.go +++ b/pkg/webconfig/config_test.go @@ -150,6 +150,17 @@ func TestCreateOrUpdateWebConfigSecret(t *testing.T) { }, golden: "TLS_config_with_all_parameters_from_secrets.golden", }, + { + name: "TLS config with client CA, cert and key files", + webConfigFileFields: monitoringv1.WebConfigFileFields{ + TLSConfig: &monitoringv1.WebTLSConfig{ + ClientCAFile: "/etc/ssl/certs/tls.client_ca", + CertFile: "/etc/ssl/certs/tls.crt", + KeyFile: "/etc/ssl/secrets/tls.key", + }, + }, + golden: "TLS_config_with_client_CA_cert_and_key_files.golden", + }, { name: "HTTP config with all parameters", webConfigFileFields: monitoringv1.WebConfigFileFields{ diff --git a/pkg/webconfig/testdata/TLS_config_with_client_CA_cert_and_key_files.golden b/pkg/webconfig/testdata/TLS_config_with_client_CA_cert_and_key_files.golden new file mode 100644 index 00000000000..26e7b27fbcc --- /dev/null +++ b/pkg/webconfig/testdata/TLS_config_with_client_CA_cert_and_key_files.golden @@ -0,0 +1,4 @@ +tls_server_config: + cert_file: /etc/ssl/certs/tls.crt + key_file: /etc/ssl/secrets/tls.key + client_ca_file: /etc/ssl/certs/tls.client_ca diff --git a/pkg/webconfig/tls_credentials.go b/pkg/webconfig/tls_credentials.go index dd407b7c1bd..7b6b9336b5e 100644 --- a/pkg/webconfig/tls_credentials.go +++ b/pkg/webconfig/tls_credentials.go @@ -35,10 +35,37 @@ type tlsCredentials struct { // keySecret is the Kubernetes secret containing the TLS key. keySecret corev1.SecretKeySelector - // cert is the Kubernetes secret or configmap containing the TLS certificate. + // keyFile is file path containing the TLS key + keyFile string + // cert is the kubernetes secret or configmap containing the TLS certificate cert monitoringv1.SecretOrConfigMap - // clientCA is the Kubernetes secret or configmap containing the client CA certificate. + // certFile is file path containing the TLS certificate + certFile string + // clientCA is the kubernetes secret or configmap containing the client CA certificate clientCA monitoringv1.SecretOrConfigMap + // clientCAFile is file path containing the client CA certificate + clientCAFile string +} + +// newTLSCredentials creates new tlsCredentials from secrets of configmaps. +func newTLSCredentials( + mountPath string, + keySecret corev1.SecretKeySelector, + keyFile string, + cert monitoringv1.SecretOrConfigMap, + certFile string, + clientCA monitoringv1.SecretOrConfigMap, + clientCAFile string, +) *tlsCredentials { + return &tlsCredentials{ + mountPath: mountPath, + keySecret: keySecret, + keyFile: keyFile, + cert: cert, + certFile: certFile, + clientCA: clientCA, + clientCAFile: clientCAFile, + } } // getMountParameters creates volumes and volume mounts referencing the TLS credentials. diff --git a/scripts/docs/templates/pkg.tpl b/scripts/docs/templates/pkg.tpl index d429a35c33c..0dfa360d248 100644 --- a/scripts/docs/templates/pkg.tpl +++ b/scripts/docs/templates/pkg.tpl @@ -5,7 +5,7 @@ description: "Prometheus operator generated API reference docs" draft: false images: [] menu: "operator" -weight: 211 +weight: 151 toc: true --- diff --git a/scripts/go.mod b/scripts/go.mod index fe74f3daf2f..35858daa54f 100644 --- a/scripts/go.mod +++ b/scripts/go.mod @@ -1,34 +1,35 @@ module github.com/prometheus-operator/prometheus-operator/tooling -go 1.22.0 +go 1.23 -toolchain go1.22.3 +toolchain go1.23.1 require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20230629042818-f2b666635240 github.com/brancz/gojsontoyaml v0.1.0 github.com/bwplotka/mdox v0.9.1-0.20220713080221-769034ad8cfe - github.com/golangci/golangci-lint v1.57.2 + github.com/golangci/golangci-lint v1.61.0 github.com/google/go-jsonnet v0.20.0 github.com/jsonnet-bundler/jsonnet-bundler v0.5.1 - github.com/yeya24/promlinter v0.2.0 - k8s.io/code-generator v0.30.1 - sigs.k8s.io/controller-tools v0.15.0 + github.com/yeya24/promlinter v0.3.0 + k8s.io/code-generator v0.31.1 + sigs.k8s.io/controller-tools v0.16.4 ) require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect - github.com/4meepo/tagalign v1.3.3 // indirect - github.com/Abirdcfly/dupword v0.0.14 // indirect - github.com/Antonboom/errname v0.1.12 // indirect - github.com/Antonboom/nilnil v0.1.7 // indirect - github.com/Antonboom/testifylint v1.2.0 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/4meepo/tagalign v1.3.4 // indirect + github.com/Abirdcfly/dupword v0.1.1 // indirect + github.com/Antonboom/errname v0.1.13 // indirect + github.com/Antonboom/nilnil v0.1.9 // indirect + github.com/Antonboom/testifylint v1.4.3 // indirect + github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect + github.com/Crocmagnon/fatcontext v0.5.2 // indirect github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect - github.com/GaijinEntertainment/go-exhaustruct/v3 v3.2.0 // indirect + github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 // indirect github.com/Kunde21/markdownfmt/v2 v2.1.1-0.20210810103848-727f02f4c51c // indirect - github.com/Masterminds/semver v1.5.0 // indirect + github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/OpenPeeDeeP/depguard/v2 v2.2.0 // indirect github.com/PuerkitoBio/goquery v1.5.1 // indirect github.com/alecthomas/chroma v0.10.0 // indirect @@ -50,43 +51,44 @@ require ( github.com/bep/golibsass v1.1.0 // indirect github.com/bkielbasa/cyclop v1.2.1 // indirect github.com/blizzy78/varnamelen v0.8.0 // indirect - github.com/bombsimon/wsl/v4 v4.2.1 // indirect + github.com/bombsimon/wsl/v4 v4.4.1 // indirect github.com/breml/bidichk v0.2.7 // indirect github.com/breml/errchkjson v0.3.6 // indirect github.com/butuzov/ireturn v0.3.0 // indirect - github.com/butuzov/mirror v1.1.0 // indirect + github.com/butuzov/mirror v1.2.0 // indirect github.com/catenacyber/perfsprint v0.7.1 // indirect github.com/ccojocar/zxcvbn-go v1.0.2 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/charithe/durationcheck v0.0.10 // indirect github.com/charmbracelet/glamour v0.5.0 // indirect github.com/chavacava/garif v0.1.0 // indirect - github.com/ckaznocha/intrange v0.1.1 // indirect + github.com/ckaznocha/intrange v0.2.0 // indirect github.com/clbanning/mxj/v2 v2.5.6 // indirect github.com/cli/safeexec v1.0.0 // indirect github.com/curioswitch/go-reassign v0.2.0 // indirect - github.com/daixiang0/gci v0.12.3 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/daixiang0/gci v0.13.5 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/denis-tingaikin/go-header v0.5.0 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect github.com/efficientgo/tools/core v0.0.0-20210609125236-d73259166f20 // indirect github.com/efficientgo/tools/extkingpin v0.0.0-20210609125236-d73259166f20 // indirect github.com/ettle/strcase v0.2.0 // indirect - github.com/fatih/color v1.16.0 // indirect + github.com/fatih/color v1.17.0 // indirect github.com/fatih/structtag v1.2.0 // indirect github.com/felixge/fgprof v0.9.1 // indirect - github.com/firefart/nonamedreturns v1.0.4 // indirect + github.com/firefart/nonamedreturns v1.0.5 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/ghostiam/protogetter v0.3.5 // indirect - github.com/go-critic/go-critic v0.11.2 // indirect + github.com/ghostiam/protogetter v0.3.6 // indirect + github.com/go-critic/go-critic v0.11.4 // indirect github.com/go-kit/kit v0.10.0 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.22.4 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect github.com/go-toolsmith/astcopy v1.1.0 // indirect github.com/go-toolsmith/astequal v1.2.0 // indirect @@ -94,53 +96,55 @@ require ( github.com/go-toolsmith/astp v1.1.0 // indirect github.com/go-toolsmith/strparse v1.1.0 // indirect github.com/go-toolsmith/typep v1.1.0 // indirect - github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 // indirect + github.com/go-viper/mapstructure/v2 v2.1.0 // indirect github.com/go-xmlfmt/xmlfmt v1.1.2 // indirect - github.com/gobuffalo/flect v1.0.2 // indirect + github.com/gobuffalo/flect v1.0.3 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gocolly/colly/v2 v2.1.1-0.20201013153555-8252c346cfb0 // indirect - github.com/gofrs/flock v0.8.1 // indirect + github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/gohugoio/hugo v0.101.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect - github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e // indirect - github.com/golangci/misspell v0.4.1 // indirect + github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 // indirect + github.com/golangci/misspell v0.6.0 // indirect + github.com/golangci/modinfo v0.3.4 // indirect github.com/golangci/plugin-module-register v0.1.1 // indirect - github.com/golangci/revgrep v0.5.2 // indirect + github.com/golangci/revgrep v0.5.3 // indirect github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect github.com/gordonklaus/ineffassign v0.1.0 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect github.com/gostaticanalysis/nilerr v0.1.1 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hexops/gotextdiff v1.0.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jgautheron/goconst v1.7.1 // indirect github.com/jingyugao/rowserrcheck v1.1.1 // indirect github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect - github.com/jjti/go-spancheck v0.5.3 // indirect + github.com/jjti/go-spancheck v0.6.2 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/julz/importas v0.1.0 // indirect - github.com/karamaru-alpha/copyloopvar v1.0.10 // indirect + github.com/karamaru-alpha/copyloopvar v1.1.0 // indirect github.com/kennygrant/sanitize v1.2.4 // indirect github.com/kisielk/errcheck v1.7.0 // indirect github.com/kkHAIKE/contextcheck v1.1.5 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.10 // indirect github.com/kyoh86/exportloopref v0.1.11 // indirect + github.com/lasiar/canonicalheader v1.1.1 // indirect github.com/ldez/gomoddirectives v0.2.4 // indirect github.com/ldez/tagliatelle v0.5.0 // indirect - github.com/leonklingele/grouper v1.1.1 // indirect + github.com/leonklingele/grouper v1.1.2 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/lufeee/execinquery v1.2.1 // indirect github.com/macabu/inamedparam v0.1.3 // indirect @@ -153,16 +157,16 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mattn/go-shellwords v1.0.10 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mgechev/revive v1.3.7 // indirect + github.com/mgechev/revive v1.3.9 // indirect github.com/microcosm-cc/bluemonday v1.0.17 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/moricho/tparallel v0.3.1 // indirect + github.com/moricho/tparallel v0.3.2 // indirect github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/termenv v0.9.0 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/niklasfasching/go-org v1.6.5 // indirect github.com/nishanths/exhaustive v0.12.0 // indirect @@ -171,38 +175,39 @@ require ( github.com/oklog/run v1.1.0 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.2.0 // indirect + github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/polyfloyd/go-errorlint v1.4.8 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect - github.com/quasilyte/go-ruleguard v0.4.2 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/polyfloyd/go-errorlint v1.6.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/quasilyte/go-ruleguard v0.4.3-0.20240823090925-0fe6f58b47b1 // indirect + github.com/quasilyte/go-ruleguard/dsl v0.3.22 // indirect github.com/quasilyte/gogrep v0.5.0 // indirect github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/ryancurrah/gomodguard v1.3.1 // indirect + github.com/ryancurrah/gomodguard v1.3.5 // indirect github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect github.com/sashamelentyev/interfacebloat v1.1.0 // indirect - github.com/sashamelentyev/usestdlibvars v1.25.0 // indirect - github.com/securego/gosec/v2 v2.19.0 // indirect + github.com/sashamelentyev/usestdlibvars v1.27.0 // indirect + github.com/securego/gosec/v2 v2.21.2 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sivchari/containedctx v1.0.3 // indirect - github.com/sivchari/tenv v1.7.1 // indirect + github.com/sivchari/tenv v1.10.0 // indirect github.com/sonatard/noctx v0.0.2 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.5.0 // indirect - github.com/spf13/cobra v1.8.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.13.0 // indirect @@ -211,57 +216,57 @@ require ( github.com/stretchr/objx v0.5.2 // indirect github.com/stretchr/testify v1.9.0 // indirect github.com/subosito/gotenv v1.4.1 // indirect - github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect github.com/tdakkota/asciicheck v0.2.0 // indirect github.com/tdewolff/parse/v2 v2.6.0 // indirect github.com/temoto/robotstxt v1.1.1 // indirect - github.com/tetafro/godot v1.4.16 // indirect + github.com/tetafro/godot v1.4.17 // indirect github.com/theckman/yacspin v0.8.0 // indirect github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 // indirect github.com/timonwong/loggercheck v0.9.4 // indirect - github.com/tomarrell/wrapcheck/v2 v2.8.3 // indirect + github.com/tomarrell/wrapcheck/v2 v2.9.0 // indirect github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect github.com/ultraware/funlen v0.1.0 // indirect - github.com/ultraware/whitespace v0.1.0 // indirect - github.com/uudashr/gocognit v1.1.2 // indirect + github.com/ultraware/whitespace v0.1.1 // indirect + github.com/uudashr/gocognit v1.1.3 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xen0n/gosmopolitan v1.2.2 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/ykadowak/zerologlint v0.1.5 // indirect github.com/yuin/goldmark v1.4.13 // indirect github.com/yuin/goldmark-emoji v1.0.1 // indirect - gitlab.com/bosi/decorder v0.4.1 // indirect - go-simpler.org/musttag v0.9.0 // indirect - go-simpler.org/sloglint v0.5.0 // indirect + gitlab.com/bosi/decorder v0.4.2 // indirect + go-simpler.org/musttag v0.12.2 // indirect + go-simpler.org/sloglint v0.7.2 // indirect go.uber.org/automaxprocs v1.5.3 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc // indirect + golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.20.0 // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/tools v0.26.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - honnef.co/go/tools v0.4.7 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apimachinery v0.30.1 // indirect + honnef.co/go/tools v0.5.1 // indirect + k8s.io/api v0.31.1 // indirect + k8s.io/apiextensions-apiserver v0.31.1 // indirect + k8s.io/apimachinery v0.31.1 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect k8s.io/klog v1.0.0 // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - mvdan.cc/gofumpt v0.6.0 // indirect - mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + mvdan.cc/gofumpt v0.7.0 // indirect + mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/scripts/go.sum b/scripts/go.sum index d8c35a8991b..c0e28bbbf8e 100644 --- a/scripts/go.sum +++ b/scripts/go.sum @@ -77,16 +77,16 @@ contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/4meepo/tagalign v1.3.3 h1:ZsOxcwGD/jP4U/aw7qeWu58i7dwYemfy5Y+IF1ACoNw= -github.com/4meepo/tagalign v1.3.3/go.mod h1:Q9c1rYMZJc9dPRkbQPpcBNCLEmY2njbAsXhQOZFE2dE= -github.com/Abirdcfly/dupword v0.0.14 h1:3U4ulkc8EUo+CaT105/GJ1BQwtgyj6+VaBVbAX11Ba8= -github.com/Abirdcfly/dupword v0.0.14/go.mod h1:VKDAbxdY8YbKUByLGg8EETzYSuC4crm9WwI6Y3S0cLI= -github.com/Antonboom/errname v0.1.12 h1:oh9ak2zUtsLp5oaEd/erjB4GPu9w19NyoIskZClDcQY= -github.com/Antonboom/errname v0.1.12/go.mod h1:bK7todrzvlaZoQagP1orKzWXv59X/x0W0Io2XT1Ssro= -github.com/Antonboom/nilnil v0.1.7 h1:ofgL+BA7vlA1K2wNQOsHzLJ2Pw5B5DpWRLdDAVvvTow= -github.com/Antonboom/nilnil v0.1.7/go.mod h1:TP+ScQWVEq0eSIxqU8CbdT5DFWoHp0MbP+KMUO1BKYQ= -github.com/Antonboom/testifylint v1.2.0 h1:015bxD8zc5iY8QwTp4+RG9I4kIbqwvGX9TrBbb7jGdM= -github.com/Antonboom/testifylint v1.2.0/go.mod h1:rkmEqjqVnHDRNsinyN6fPSLnoajzFwsCcguJgwADBkw= +github.com/4meepo/tagalign v1.3.4 h1:P51VcvBnf04YkHzjfclN6BbsopfJR5rxs1n+5zHt+w8= +github.com/4meepo/tagalign v1.3.4/go.mod h1:M+pnkHH2vG8+qhE5bVc/zeP7HS/j910Fwa9TUSyZVI0= +github.com/Abirdcfly/dupword v0.1.1 h1:Bsxe0fIw6OwBtXMIncaTxCLHYO5BB+3mcsR5E8VXloY= +github.com/Abirdcfly/dupword v0.1.1/go.mod h1:B49AcJdTYYkpd4HjgAcutNGG9HZ2JWwKunH9Y2BA6sM= +github.com/Antonboom/errname v0.1.13 h1:JHICqsewj/fNckzrfVSe+T33svwQxmjC+1ntDsHOVvM= +github.com/Antonboom/errname v0.1.13/go.mod h1:uWyefRYRN54lBg6HseYCFhs6Qjcy41Y3Jl/dVhA87Ns= +github.com/Antonboom/nilnil v0.1.9 h1:eKFMejSxPSA9eLSensFmjW2XTgTwJMjZ8hUHtV4s/SQ= +github.com/Antonboom/nilnil v0.1.9/go.mod h1:iGe2rYwCq5/Me1khrysB4nwI7swQvjclR8/YRPl5ihQ= +github.com/Antonboom/testifylint v1.4.3 h1:ohMt6AHuHgttaQ1xb6SSnxCeK4/rnK7KKzbvs7DmEck= +github.com/Antonboom/testifylint v1.4.3/go.mod h1:+8Q9+AOLsz5ZiQiiYujJKs9mNz398+M6UgslP4qgJLA= github.com/Azure/azure-amqp-common-go/v3 v3.1.0/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= github.com/Azure/azure-amqp-common-go/v3 v3.1.1/go.mod h1:YsDaPfaO9Ub2XeSKdIy2DfwuiQlHQCauHJwSqtrkECI= github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k= @@ -121,19 +121,21 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/locker v0.0.0-20171006230638-a6e239ea1c69/go.mod h1:L1AbZdiDllfyYH5l5OkAaZtk7VkWe89bPJFmnDBNHxg= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs= +github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Crocmagnon/fatcontext v0.5.2 h1:vhSEg8Gqng8awhPju2w7MKHqMlg4/NI+gSDHtR3xgwA= +github.com/Crocmagnon/fatcontext v0.5.2/go.mod h1:87XhRMaInHP44Q7Tlc7jkgKKB7kZAOPiDkFMdKCC+74= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= -github.com/GaijinEntertainment/go-exhaustruct/v3 v3.2.0 h1:sATXp1x6/axKxz2Gjxv8MALP0bXaNRfQinEwyfMcx8c= -github.com/GaijinEntertainment/go-exhaustruct/v3 v3.2.0/go.mod h1:Nl76DrGNJTA1KJ0LePKBw/vznBX1EHbAZX8mwjR82nI= +github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 h1:/fTUt5vmbkAcMBt4YQiuC23cV0kEsN1MVMNqeOW43cU= +github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0/go.mod h1:ONJg5sxcbsdQQ4pOW8TGdTidT2TMAUy/2Xhr8mrYaao= github.com/GoogleCloudPlatform/cloudsql-proxy v1.24.0/go.mod h1:3tx938GhY4FC+E1KT/jNjDw7Z5qxAEtIiERJ2sXjnII= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Kunde21/markdownfmt/v2 v2.1.1-0.20210810103848-727f02f4c51c h1:rnouiLtDKeaWKnxRViK454oCI8jkhWv5fItCvZ9nJOU= github.com/Kunde21/markdownfmt/v2 v2.1.1-0.20210810103848-727f02f4c51c/go.mod h1:LFJueuHZej/Z7Xhqh/XgClfkDjZiiEBOLVTt1Duq1r0= -github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard/v2 v2.2.0 h1:vDfG60vDtIuf0MEOhmLlLLSzqaRM8EMcgJPdp74zmpA= github.com/OpenPeeDeeP/depguard/v2 v2.2.0/go.mod h1:CIzddKRvLBC4Au5aYP/i3nyaWQ+ClszLIuVocRiCYFQ= @@ -240,8 +242,8 @@ github.com/bkielbasa/cyclop v1.2.1 h1:AeF71HZDob1P2/pRm1so9cd1alZnrpyc4q2uP2l0gJ github.com/bkielbasa/cyclop v1.2.1/go.mod h1:K/dT/M0FPAiYjBgQGau7tz+3TMh4FWAEqlMhzFWCrgM= github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M= github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k= -github.com/bombsimon/wsl/v4 v4.2.1 h1:Cxg6u+XDWff75SIFFmNsqnIOgob+Q9hG6y/ioKbRFiM= -github.com/bombsimon/wsl/v4 v4.2.1/go.mod h1:Xu/kDxGZTofQcDGCtQe9KCzhHphIe0fDuyWTxER9Feo= +github.com/bombsimon/wsl/v4 v4.4.1 h1:jfUaCkN+aUpobrMO24zwyAMwMAV5eSziCkOKEauOLdw= +github.com/bombsimon/wsl/v4 v4.4.1/go.mod h1:Xu/kDxGZTofQcDGCtQe9KCzhHphIe0fDuyWTxER9Feo= github.com/brancz/gojsontoyaml v0.1.0 h1:SdzR3+BCVOqaI42nFGTeaB7/2DgDM4fhuvRLqxatA8M= github.com/brancz/gojsontoyaml v0.1.0/go.mod h1:+ycZY94+V11XZBUaDEsbLr3hPNS/ZPrDVKKNUg3Sgvg= github.com/breml/bidichk v0.2.7 h1:dAkKQPLl/Qrk7hnP6P+E0xOodrq8Us7+U0o4UBOAlQY= @@ -250,8 +252,8 @@ github.com/breml/errchkjson v0.3.6 h1:VLhVkqSBH96AvXEyclMR37rZslRrY2kcyq+31HCsVr github.com/breml/errchkjson v0.3.6/go.mod h1:jhSDoFheAF2RSDOlCfhHO9KqhZgAYLyvHe7bRCX8f/U= github.com/butuzov/ireturn v0.3.0 h1:hTjMqWw3y5JC3kpnC5vXmFJAWI/m31jaCYQqzkS6PL0= github.com/butuzov/ireturn v0.3.0/go.mod h1:A09nIiwiqzN/IoVo9ogpa0Hzi9fex1kd9PSD6edP5ZA= -github.com/butuzov/mirror v1.1.0 h1:ZqX54gBVMXu78QLoiqdwpl2mgmoOJTk7s4p4o+0avZI= -github.com/butuzov/mirror v1.1.0/go.mod h1:8Q0BdQU6rC6WILDiBM60DBfvV78OLJmMmixe7GF45AE= +github.com/butuzov/mirror v1.2.0 h1:9YVK1qIjNspaqWutSv8gsge2e/Xpq1eqEkslEUHy5cs= +github.com/butuzov/mirror v1.2.0/go.mod h1:DqZZDtzm42wIAIyHXeN8W/qb1EPlb9Qn/if9icBOpdQ= github.com/bwplotka/mdox v0.9.1-0.20220713080221-769034ad8cfe h1:J0zyydIiJPyXY4xwUZOWFK6Bk/Zk7TlxRwY960dWE0k= github.com/bwplotka/mdox v0.9.1-0.20220713080221-769034ad8cfe/go.mod h1:Z2Z00nC4zPXMj+v8MzgBve6nPZiizr+NM/yhe6bXuts= github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= @@ -266,8 +268,8 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4= github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ= github.com/charmbracelet/glamour v0.5.0 h1:wu15ykPdB7X6chxugG/NNfDUbyyrCLV9XBalj5wdu3g= @@ -279,8 +281,8 @@ github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927/go.mod h1:h/aW8ynjgk github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/ckaznocha/intrange v0.1.1 h1:gHe4LfqCspWkh8KpJFs20fJz3XRHFBFUV9yI7Itu83Q= -github.com/ckaznocha/intrange v0.1.1/go.mod h1:RWffCw/vKBwHeOEwWdCikAtY0q4gGt8VhJZEEA5n+RE= +github.com/ckaznocha/intrange v0.2.0 h1:FykcZuJ8BD7oX93YbO1UY9oZtkRbp+1/kJcDjkefYLs= +github.com/ckaznocha/intrange v0.2.0/go.mod h1:r5I7nUlAAG56xmkOpw4XVr16BXhwYTUdcuRFeevn1oE= github.com/clbanning/mxj/v2 v2.5.6 h1:Jm4VaCI/+Ug5Q57IzEoZbwx4iQFA6wkXv72juUSeK+g= github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= @@ -304,17 +306,18 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo= github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc= -github.com/daixiang0/gci v0.12.3 h1:yOZI7VAxAGPQmkb1eqt5g/11SUlwoat1fSblGLmdiQc= -github.com/daixiang0/gci v0.12.3/go.mod h1:xtHP9N7AHdNvtRNfcx9gwTDfw7FRJx4bZUsiEfiNNAI= +github.com/daixiang0/gci v0.13.5 h1:kThgmH1yBmZSBCh1EJVxQ7JsHpm5Oms0AMed/0LaH4c= +github.com/daixiang0/gci v0.13.5/go.mod h1:12etP2OniiIdP4q+kjUGrC/rUagga7ODbqsom5Eo5Yk= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denis-tingaikin/go-header v0.5.0 h1:SRdnP5ZKvcO9KKRP1KJrhFR3RrlGuD+42t4429eC9k8= github.com/denis-tingaikin/go-header v0.5.0/go.mod h1:mMenU5bWrok6Wl2UsZjy+1okegmwQ3UgWl4V1D8gjlY= github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= @@ -352,14 +355,14 @@ github.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp github.com/evanw/esbuild v0.14.43/go.mod h1:GG+zjdi59yh3ehDn4ZWfPcATxjPDUH53iU4ZJbp7dkY= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/fgprof v0.9.1 h1:E6FUJ2Mlv043ipLOCFqo8+cHo9MhQ203E2cdEK/isEs= github.com/felixge/fgprof v0.9.1/go.mod h1:7/HK6JFtFaARhIljgP2IV8rJLIoHDoOYoUphsnGvqxE= -github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y= -github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI= +github.com/firefart/nonamedreturns v1.0.5 h1:tM+Me2ZaXs8tfdDw3X6DOX++wMCOqzYUho6tUTYIdRA= +github.com/firefart/nonamedreturns v1.0.5/go.mod h1:gHJjDqhGM4WyPt639SOZs+G89Ko7QKH5R5BhnO6xJhw= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -368,25 +371,26 @@ github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60 github.com/frankban/quicktest v1.7.2/go.mod h1:jaStnuzAqU1AJdCO0l53JDCJrVDKcS03DbaAcR7Ks/o= github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= github.com/frankban/quicktest v1.14.2/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= -github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= -github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo= github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA= github.com/getkin/kin-openapi v0.97.0/go.mod h1:w4lRPHiyOdwGbOkLIyk+P0qCwlu7TXPCHD/64nSXzgE= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghostiam/protogetter v0.3.5 h1:+f7UiF8XNd4w3a//4DnusQ2SZjPkUjxkMEfjbxOK4Ug= -github.com/ghostiam/protogetter v0.3.5/go.mod h1:7lpeDnEJ1ZjL/YtyoN99ljO4z0pd3H0d18/t2dPBxHw= +github.com/ghostiam/protogetter v0.3.6 h1:R7qEWaSgFCsy20yYHNIJsU9ZOb8TziSRRxuAOTVKeOk= +github.com/ghostiam/protogetter v0.3.6/go.mod h1:7lpeDnEJ1ZjL/YtyoN99ljO4z0pd3H0d18/t2dPBxHw= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= -github.com/go-critic/go-critic v0.11.2 h1:81xH/2muBphEgPtcwH1p6QD+KzXl2tMSi3hXjBSxDnM= -github.com/go-critic/go-critic v0.11.2/go.mod h1:OePaicfjsf+KPy33yq4gzv6CO7TEQ9Rom6ns1KsJnl8= +github.com/go-critic/go-critic v0.11.4 h1:O7kGOCx0NDIni4czrkRIXTnit0mkyKOCePh3My6OyEU= +github.com/go-critic/go-critic v0.11.4/go.mod h1:2QAdo4iuLik5S9YG0rT4wcZ8QxwHYkrr6/2MWAiv/vc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -405,26 +409,29 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-toolsmith/astcast v1.1.0 h1:+JN9xZV1A+Re+95pgnMgDboWNVnIMMQXwfBwLRPgSC8= github.com/go-toolsmith/astcast v1.1.0/go.mod h1:qdcuFWeGGS2xX5bLM/c3U9lewg7+Zu4mr+xPwZIB4ZU= github.com/go-toolsmith/astcopy v1.1.0 h1:YGwBN0WM+ekI/6SS6+52zLDEf8Yvp3n2seZITCUBt5s= @@ -444,13 +451,13 @@ github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQi github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ= github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus= github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig= -github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 h1:TQcrn6Wq+sKGkpyPvppOz99zsMBaUOKXq6HSv655U1c= -github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= +github.com/go-viper/mapstructure/v2 v2.1.0 h1:gHnMa2Y/pIxElCH2GlZZ1lZSsn6XMtufpGyP1XxdC/w= +github.com/go-viper/mapstructure/v2 v2.1.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U= github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/gobuffalo/flect v0.2.5/go.mod h1:1ZyCLIbg0YD7sDkzvFdPoOydPtD8y9JQnrOROolUcM8= -github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= -github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= +github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= +github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= @@ -460,8 +467,8 @@ github.com/gocolly/colly v1.2.0/go.mod h1:Hof5T3ZswNVsOHYmba1u03W65HDWgpV5HifSuu github.com/gocolly/colly/v2 v2.1.1-0.20201013153555-8252c346cfb0 h1:f+kHjWsqjft+/nCpQ6TcV3Lgs4lc+6rvBt2sfL4XsbE= github.com/gocolly/colly/v2 v2.1.1-0.20201013153555-8252c346cfb0/go.mod h1:I2MuhsLjQ+Ex+IzK3afNS8/1qP3AedHOusRPcRdC5o0= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -515,16 +522,18 @@ github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8l github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= -github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e h1:ULcKCDV1LOZPFxGZaA6TlQbiM3J2GCPnkx/bGF6sX/g= -github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e/go.mod h1:Pm5KhLPA8gSnQwrQ6ukebRcapGb/BG9iUkdaiCcGHJM= -github.com/golangci/golangci-lint v1.57.2 h1:NNhxfZyL5He1WWDrIvl1a4n5bvWZBcgAqBwlJAAgLTw= -github.com/golangci/golangci-lint v1.57.2/go.mod h1:ApiG3S3Ca23QyfGp5BmsorTiVxJpr5jGiNS0BkdSidg= -github.com/golangci/misspell v0.4.1 h1:+y73iSicVy2PqyX7kmUefHusENlrP9YwuHZHPLGQj/g= -github.com/golangci/misspell v0.4.1/go.mod h1:9mAN1quEo3DlpbaIKKyEvRxK1pwqR9s/Sea1bJCtlNI= +github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 h1:/1322Qns6BtQxUZDTAT4SdcoxknUki7IAoK4SAXr8ME= +github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9/go.mod h1:Oesb/0uFAyWoaw1U1qS5zyjCg5NP9C9iwjnI4tIsXEE= +github.com/golangci/golangci-lint v1.61.0 h1:VvbOLaRVWmyxCnUIMTbf1kDsaJbTzH20FAMXTAlQGu8= +github.com/golangci/golangci-lint v1.61.0/go.mod h1:e4lztIrJJgLPhWvFPDkhiMwEFRrWlmFbrZea3FsJyN8= +github.com/golangci/misspell v0.6.0 h1:JCle2HUTNWirNlDIAUO44hUsKhOFqGPoC4LZxlaSXDs= +github.com/golangci/misspell v0.6.0/go.mod h1:keMNyY6R9isGaSAu+4Q8NMBwMPkh15Gtc8UCVoDtAWo= +github.com/golangci/modinfo v0.3.4 h1:oU5huX3fbxqQXdfspamej74DFX0kyGLkw1ppvXoJ8GA= +github.com/golangci/modinfo v0.3.4/go.mod h1:wytF1M5xl9u0ij8YSvhkEVPP3M5Mc7XLl1pxH3B2aUM= github.com/golangci/plugin-module-register v0.1.1 h1:TCmesur25LnyJkpsVrupv1Cdzo+2f7zX0H6Jkw1Ol6c= github.com/golangci/plugin-module-register v0.1.1/go.mod h1:TTpqoB6KkwOJMV8u7+NyXMrkwwESJLOkfl9TxR1DGFc= -github.com/golangci/revgrep v0.5.2 h1:EndcWoRhcnfj2NHQ+28hyuXpLMF+dQmCN+YaeeIl4FU= -github.com/golangci/revgrep v0.5.2/go.mod h1:bjAMA+Sh/QUfTDcHzxfyHxr4xKvllVr/0sCv2e7jJHA= +github.com/golangci/revgrep v0.5.3 h1:3tL7c1XBMtWHHqVpS5ChmiAAoe4PF/d5+ULzV9sLAzs= +github.com/golangci/revgrep v0.5.3/go.mod h1:U4R/s9dlXZsg8uJmaR1GrloUr14D7qDl8gi2iPXJH8k= github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed h1:IURFTjxeTfNFP0hTEi1YKjB/ub8zkpaOqFFMApi2EAs= github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed/go.mod h1:XLXN8bNw4CGRPaqgl3bv/lhz7bsGPh4/xSaMTbo2vkQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -579,8 +588,9 @@ github.com/google/pprof v0.0.0-20210506205249-923b5ab0fc1a/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210715191844-86eeefc3e471/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -639,8 +649,8 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -669,8 +679,8 @@ github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjz github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c= github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9BjwUk7KlCh6S9EAGWBt1oExIUv9WyNCiRz5amv48= github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= -github.com/jjti/go-spancheck v0.5.3 h1:vfq4s2IB8T3HvbpiwDTYgVPj1Ze/ZSXrTtaZRTc7CuM= -github.com/jjti/go-spancheck v0.5.3/go.mod h1:eQdOX1k3T+nAKvZDyLC3Eby0La4dZ+I19iOl5NzSPFE= +github.com/jjti/go-spancheck v0.6.2 h1:iYtoxqPMzHUPp7St+5yA8+cONdyXD3ug6KK15n7Pklk= +github.com/jjti/go-spancheck v0.6.2/go.mod h1:+X7lvIrR5ZdUTkxFYqzJ0abr8Sb5LOo80uOhWNqIrYA= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -697,8 +707,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= -github.com/karamaru-alpha/copyloopvar v1.0.10 h1:8HYDy6KQYqTmD7JuhZMWS1nwPru9889XI24ROd/+WXI= -github.com/karamaru-alpha/copyloopvar v1.0.10/go.mod h1:u7CIfztblY0jZLOQZgH3oYsJzpC2A7S6u/lfgSXHy0k= +github.com/karamaru-alpha/copyloopvar v1.1.0 h1:x7gNyKcC2vRBO1H2Mks5u1VxQtYvFiym7fCjIP8RPos= +github.com/karamaru-alpha/copyloopvar v1.1.0/go.mod h1:u7CIfztblY0jZLOQZgH3oYsJzpC2A7S6u/lfgSXHy0k= github.com/kennygrant/sanitize v1.2.4 h1:gN25/otpP5vAsO2djbMhF/LQX6R7+O1TB4yv8NzpJ3o= github.com/kennygrant/sanitize v1.2.4/go.mod h1:LGsjYYtgxbetdg5owWB2mpgUL6e2nfw2eObZ0u0qvak= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -732,13 +742,15 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ymEyhQ= github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA= github.com/kyokomi/emoji/v2 v2.2.9/go.mod h1:JUcn42DTdsXJo1SWanHh4HKDEyPaR5CqkmoirZZP9qE= +github.com/lasiar/canonicalheader v1.1.1 h1:wC+dY9ZfiqiPwAexUApFush/csSPXeIi4QqyxXmng8I= +github.com/lasiar/canonicalheader v1.1.1/go.mod h1:cXkb3Dlk6XXy+8MVQnF23CYKWlyA7kfQhSw2CcZtZb0= github.com/ldez/gomoddirectives v0.2.4 h1:j3YjBIjEBbqZ0NKtBNzr8rtMHTOrLPeiwTkfUJZ3alg= github.com/ldez/gomoddirectives v0.2.4/go.mod h1:oWu9i62VcQDYp9EQ0ONTfqLNh+mDLWWDO+SO0qSQw5g= github.com/ldez/tagliatelle v0.5.0 h1:epgfuYt9v0CG3fms0pEgIMNPuFf/LpPIfjk4kyqSioo= github.com/ldez/tagliatelle v0.5.0/go.mod h1:rj1HmWiL1MiKQuOONhd09iySTEkUuE/8+5jtPYz9xa4= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= -github.com/leonklingele/grouper v1.1.1 h1:suWXRU57D4/Enn6pXR0QVqqWWrnJ9Osrz+5rjt8ivzU= -github.com/leonklingele/grouper v1.1.1/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY= +github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY= +github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= @@ -787,10 +799,8 @@ github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/mgechev/revive v1.3.7 h1:502QY0vQGe9KtYJ9FpxMz9rL+Fc/P13CI5POL4uHCcE= -github.com/mgechev/revive v1.3.7/go.mod h1:RJ16jUbF0OWC3co/+XTxmFNgEpUPwnnA0BRllX2aDNA= +github.com/mgechev/revive v1.3.9 h1:18Y3R4a2USSBF+QZKFQwVkBROUda7uoBlkEuBD+YD1A= +github.com/mgechev/revive v1.3.9/go.mod h1:+uxEIr5UH0TjXWHTno3xh4u7eg6jDpXKzQccA9UGhHU= github.com/microcosm-cc/bluemonday v1.0.17 h1:Z1a//hgsQ4yjC+8zEkV8IWySkXnsxmdSY642CTFQb5Y= github.com/microcosm-cc/bluemonday v1.0.17/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -816,13 +826,15 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/montanaflynn/stats v0.6.3/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= -github.com/moricho/tparallel v0.3.1 h1:fQKD4U1wRMAYNngDonW5XupoB/ZGJHdpzrWqgyg9krA= -github.com/moricho/tparallel v0.3.1/go.mod h1:leENX2cUv7Sv2qDgdi0D0fCftN8fRC67Bcn8pqzeYNI= +github.com/moricho/tparallel v0.3.2 h1:odr8aZVFA3NZrNybggMkYO3rgPRcqjeQUlBBFVxKHTI= +github.com/moricho/tparallel v0.3.2/go.mod h1:OQ+K3b4Ln3l2TZveGCywybl68glfLEwFGqvnjok8b+U= github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/smartcrop v0.3.0/go.mod h1:i2fCI/UorTfgEpPPLWiFBv4pye+YAG78RwcQLUkocpI= github.com/muesli/termenv v0.9.0 h1:wnbOaGz+LUR3jNT0zOzinPnyDaCZUQRZj9GxK8eRVl8= github.com/muesli/termenv v0.9.0/go.mod h1:R/LzAKf+suGs4IsO95y7+7DpFHO0KABgnZqtlyx2mBw= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U= @@ -857,11 +869,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= -github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= @@ -884,8 +896,8 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI= -github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo= -github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= @@ -897,10 +909,11 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/polyfloyd/go-errorlint v1.4.8 h1:jiEjKDH33ouFktyez7sckv6pHWif9B7SuS8cutDXFHw= -github.com/polyfloyd/go-errorlint v1.4.8/go.mod h1:NNCxFcFjZcw3xNjVdCchERkEM6Oz7wta2XJVxRftwO4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/polyfloyd/go-errorlint v1.6.0 h1:tftWV9DE7txiFzPpztTAwyoRLKNj9gpVm2cg8/OwcYY= +github.com/polyfloyd/go-errorlint v1.6.0/go.mod h1:HR7u8wuP1kb1NeN1zqTd1ZMlqUKPPHF+Id4vIPvDqVw= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= @@ -910,26 +923,25 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -937,10 +949,12 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs= -github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/quasilyte/go-ruleguard v0.4.3-0.20240823090925-0fe6f58b47b1 h1:+Wl/0aFp0hpuHM3H//KMft64WQ1yX9LdJY64Qm/gFCo= +github.com/quasilyte/go-ruleguard v0.4.3-0.20240823090925-0fe6f58b47b1/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI= +github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE= +github.com/quasilyte/go-ruleguard/dsl v0.3.22/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU= github.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo= github.com/quasilyte/gogrep v0.5.0/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng= github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl980XxGFEZSS6KlBGIV0diGdySzxATTWoqaU= @@ -963,8 +977,8 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk= -github.com/ryancurrah/gomodguard v1.3.1 h1:fH+fUg+ngsQO0ruZXXHnA/2aNllWA1whly4a6UvyzGE= -github.com/ryancurrah/gomodguard v1.3.1/go.mod h1:DGFHzEhi6iJ0oIDfMuo3TgrS+L9gZvrEfmjjuelnRU0= +github.com/ryancurrah/gomodguard v1.3.5 h1:cShyguSwUEeC0jS7ylOiG/idnd1TpJ1LfHGpV3oJmPU= +github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkqr+wKjSxTdsNJE= github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU= github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= @@ -978,11 +992,11 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6Ng github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw= github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= -github.com/sashamelentyev/usestdlibvars v1.25.0 h1:IK8SI2QyFzy/2OD2PYnhy84dpfNo9qADrRt6LH8vSzU= -github.com/sashamelentyev/usestdlibvars v1.25.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= +github.com/sashamelentyev/usestdlibvars v1.27.0 h1:t/3jZpSXtRPRf2xr0m63i32ZrusyurIGT9E5wAvXQnI= +github.com/sashamelentyev/usestdlibvars v1.27.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/securego/gosec/v2 v2.19.0 h1:gl5xMkOI0/E6Hxx0XCY2XujA3V7SNSefA8sC+3f1gnk= -github.com/securego/gosec/v2 v2.19.0/go.mod h1:hOkDcHz9J/XIgIlPDXalxjeVYsHxoWUc5zJSHxcB8YM= +github.com/securego/gosec/v2 v2.21.2 h1:deZp5zmYf3TWwU7A7cR2+SolbTpZ3HQiwFqnzQyEl3M= +github.com/securego/gosec/v2 v2.21.2/go.mod h1:au33kg78rNseF5PwPnTWhuYBFf534bvJRvOrgZ/bFzU= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -999,8 +1013,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE= github.com/sivchari/containedctx v1.0.3/go.mod h1:c1RDvCbnJLtH4lLcYD/GqwiBSSf4F5Qk0xld2rBqzJ4= -github.com/sivchari/tenv v1.7.1 h1:PSpuD4bu6fSmtWMxSGWcvqUUgIn7k3yOJhOIzVWn8Ak= -github.com/sivchari/tenv v1.7.1/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= +github.com/sivchari/tenv v1.10.0 h1:g/hzMA+dBCKqGXgW8AV/1xIWhAvDrx0zFKNR48NFMg0= +github.com/sivchari/tenv v1.10.0/go.mod h1:tdY24masnVoZFxYrHv/nD6Tc8FbkEtAQEEziXpyMgqY= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -1018,8 +1032,8 @@ github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/fsync v0.9.0/go.mod h1:fNtJEfG3HiltN3y4cPOz6MLjos9+2pIEqLIgszqhp/0= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1059,8 +1073,6 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c h1:+aPplBwWcHBo6q9xrfWdMrT9o4kltkmmvpemgIjep/8= -github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c/go.mod h1:SbErYREK7xXdsRiigaQiQkI9McGRzYMvlKYaP3Nimdk= github.com/tdakkota/asciicheck v0.2.0 h1:o8jvnUANo0qXtnslk2d3nMKTFNlOnJjRrNcj0j9qkHM= github.com/tdakkota/asciicheck v0.2.0/go.mod h1:Qb7Y9EgjCLJGup51gDHFzbI08/gbGhL/UVhYIPWG2rg= github.com/tdewolff/minify/v2 v2.11.10/go.mod h1:dHOS3dk+nJ0M3q3uM3VlNzTb70cou+ov0ki7C4PAFgM= @@ -1074,8 +1086,8 @@ github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY= -github.com/tetafro/godot v1.4.16 h1:4ChfhveiNLk4NveAZ9Pu2AN8QZ2nkUGFuadM9lrr5D0= -github.com/tetafro/godot v1.4.16/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= +github.com/tetafro/godot v1.4.17 h1:pGzu+Ye7ZUEFx7LHU0dAKmCOXWsPjl7qA6iMGndsjPs= +github.com/tetafro/godot v1.4.17/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= github.com/theckman/yacspin v0.8.0 h1:9LA2kUol1/+eH5m/ptlbYCrnCEfLCaX4Xn+5tK/AprI= github.com/theckman/yacspin v0.8.0/go.mod h1:K1H1naXCpDytqETpvmlxWzAq8BbOMy3Wrd0iy0ZNzRI= github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 h1:quvGphlmUVU+nhpFa4gg4yJyTRJ13reZMDHrKwYw53M= @@ -1083,27 +1095,29 @@ github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966/go.mod h1:27bSVN github.com/timonwong/loggercheck v0.9.4 h1:HKKhqrjcVj8sxL7K77beXh0adEm6DLjV/QOGeMXEVi4= github.com/timonwong/loggercheck v0.9.4/go.mod h1:caz4zlPcgvpEkXgVnAJGowHAMW2NwHaNlpS8xDbVhTg= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomarrell/wrapcheck/v2 v2.8.3 h1:5ov+Cbhlgi7s/a42BprYoxsr73CbdMUTzE3bRDFASUs= -github.com/tomarrell/wrapcheck/v2 v2.8.3/go.mod h1:g9vNIyhb5/9TQgumxQyOEqDHsmGYcGsVMOx/xGkqdMo= +github.com/tomarrell/wrapcheck/v2 v2.9.0 h1:801U2YCAjLhdN8zhZ/7tdjB3EnAoRlJHt/s+9hijLQ4= +github.com/tomarrell/wrapcheck/v2 v2.9.0/go.mod h1:g9vNIyhb5/9TQgumxQyOEqDHsmGYcGsVMOx/xGkqdMo= github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw= github.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ultraware/funlen v0.1.0 h1:BuqclbkY6pO+cvxoq7OsktIXZpgBSkYTQtmwhAK81vI= github.com/ultraware/funlen v0.1.0/go.mod h1:XJqmOQja6DpxarLj6Jj1U7JuoS8PvL4nEqDaQhy22p4= -github.com/ultraware/whitespace v0.1.0 h1:O1HKYoh0kIeqE8sFqZf1o0qbORXUCOQFrlaQyZsczZw= -github.com/ultraware/whitespace v0.1.0/go.mod h1:/se4r3beMFNmewJ4Xmz0nMQ941GJt+qmSHGP9emHYe0= +github.com/ultraware/whitespace v0.1.1 h1:bTPOGejYFulW3PkcrqkeQwOd6NKOOXvmGD9bo/Gk8VQ= +github.com/ultraware/whitespace v0.1.1/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/uudashr/gocognit v1.1.2 h1:l6BAEKJqQH2UpKAPKdMfZf5kE4W/2xk8pfU1OVLvniI= -github.com/uudashr/gocognit v1.1.2/go.mod h1:aAVdLURqcanke8h3vg35BC++eseDm66Z7KmchI5et4k= +github.com/uudashr/gocognit v1.1.3 h1:l+a111VcDbKfynh+airAy/DJQKaXh2m9vkoysMPSZyM= +github.com/uudashr/gocognit v1.1.3/go.mod h1:aKH8/e8xbTRBwjbCkwZ8qt4l2EpKXl31KMHgSS+lZ2U= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xen0n/gosmopolitan v1.2.2 h1:/p2KTnMzwRexIW8GlKawsTWOxn7UHA+jCMF/V8HHtvU= github.com/xen0n/gosmopolitan v1.2.2/go.mod h1:7XX7Mj61uLYrj0qmeN0zi7XDon9JRAEhYQqAPLVNTeg= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM= github.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk= -github.com/yeya24/promlinter v0.2.0 h1:xFKDQ82orCU5jQujdaD8stOHiv8UN68BSdn2a8u8Y3o= -github.com/yeya24/promlinter v0.2.0/go.mod h1:u54lkmBOZrpEbQQ6gox2zWKKLKu2SGe+2KOiextY+IA= +github.com/yeya24/promlinter v0.3.0 h1:JVDbMp08lVCP7Y6NP3qHroGAO6z2yGKQtS5JsjqtoFs= +github.com/yeya24/promlinter v0.3.0/go.mod h1:cDfJQQYv9uYciW60QT0eeHlFodotkYZlL+YcPQN+mW4= github.com/ykadowak/zerologlint v0.1.5 h1:Gy/fMz1dFQN9JZTPjv1hxEk+sRWm05row04Yoolgdiw= github.com/ykadowak/zerologlint v0.1.5/go.mod h1:KaUskqF3e/v59oPmdq1U1DnKcuHokl2/K1U4pmIELKg= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1118,14 +1132,14 @@ github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark-emoji v1.0.1 h1:ctuWEyzGBwiucEqxzwe0SOYDXPAucOrE9NQC18Wa1os= github.com/yuin/goldmark-emoji v1.0.1/go.mod h1:2w1E6FEWLcDQkoTE+7HU6QF1F6SLlNGjRIBbIZQFqkQ= -gitlab.com/bosi/decorder v0.4.1 h1:VdsdfxhstabyhZovHafFw+9eJ6eU0d2CkFNJcZz/NU4= -gitlab.com/bosi/decorder v0.4.1/go.mod h1:jecSqWUew6Yle1pCr2eLWTensJMmsxHsBwt+PVbkAqA= -go-simpler.org/assert v0.7.0 h1:OzWWZqfNxt8cLS+MlUp6Tgk1HjPkmgdKBq9qvy8lZsA= -go-simpler.org/assert v0.7.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28= -go-simpler.org/musttag v0.9.0 h1:Dzt6/tyP9ONr5g9h9P3cnYWCxeBFRkd0uJL/w+1Mxos= -go-simpler.org/musttag v0.9.0/go.mod h1:gA9nThnalvNSKpEoyp3Ko4/vCX2xTpqKoUtNqXOnVR4= -go-simpler.org/sloglint v0.5.0 h1:2YCcd+YMuYpuqthCgubcF5lBSjb6berc5VMOYUHKrpY= -go-simpler.org/sloglint v0.5.0/go.mod h1:EUknX5s8iXqf18KQxKnaBHUPVriiPnOrPjjJcsaTcSQ= +gitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo= +gitlab.com/bosi/decorder v0.4.2/go.mod h1:muuhHoaJkA9QLcYHq4Mj8FJUwDZ+EirSHRiaTcTf6T8= +go-simpler.org/assert v0.9.0 h1:PfpmcSvL7yAnWyChSjOz6Sp6m9j5lyK8Ok9pEL31YkQ= +go-simpler.org/assert v0.9.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28= +go-simpler.org/musttag v0.12.2 h1:J7lRc2ysXOq7eM8rwaTYnNrHd5JwjppzB6mScysB2Cs= +go-simpler.org/musttag v0.12.2/go.mod h1:uN1DVIasMTQKk6XSik7yrJoEysGtR2GRqvWnI9S7TYM= +go-simpler.org/sloglint v0.7.2 h1:Wc9Em/Zeuu7JYpl+oKoYOsQSy2X560aVueCW/m6IijY= +go-simpler.org/sloglint v0.7.2/go.mod h1:US+9C80ppl7VsThQclkM7BkCHQAzuz8kHLsW3ppuluo= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= @@ -1190,8 +1204,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM= -golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8= @@ -1230,8 +1244,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1296,8 +1310,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1332,8 +1346,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1417,7 +1431,6 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1426,8 +1439,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1446,8 +1459,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1533,8 +1546,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1722,8 +1735,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1767,16 +1780,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.4.7 h1:9MDAWxMoSnB6QoSqiVr7P5mtkT9pOc1kSxchzPCnqJs= -honnef.co/go/tools v0.4.7/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/code-generator v0.30.1 h1:ZsG++q5Vt0ScmKCeLhynUuWgcwFGg1Hl1AGfatqPJBI= -k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= +honnef.co/go/tools v0.5.1 h1:4bH5o3b5ZULQ4UrBmP+63W9r7qIkqJClEA9ko5YKx+I= +honnef.co/go/tools v0.5.1/go.mod h1:e9irvo83WDG9/irijV44wr3tbhcFeRnfpVlRqVwpzMs= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/code-generator v0.31.1 h1:GvkRZEP2g2UnB2QKT2Dgc/kYxIkDxCHENv2Q1itioVs= +k8s.io/code-generator v0.31.1/go.mod h1:oL2ky46L48osNqqZAeOcWWy0S5BXj50vVdwOtTefqIs= k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -1786,23 +1799,23 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -mvdan.cc/gofumpt v0.6.0 h1:G3QvahNDmpD+Aek/bNOLrFR2XC6ZAdo62dZu65gmwGo= -mvdan.cc/gofumpt v0.6.0/go.mod h1:4L0wf+kgIPZtcCWXynNS2e6bhmj73umwnuXSZarixzA= -mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14 h1:zCr3iRRgdk5eIikZNDphGcM6KGVTx3Yu+/Uu9Es254w= -mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14/go.mod h1:ZzZjEpJDOmx8TdVU6umamY3Xy0UAQUI2DHbf05USVbI= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +mvdan.cc/gofumpt v0.7.0 h1:bg91ttqXmi9y2xawvkuMXyvAA/1ZGJqYAEGjXuP0JXU= +mvdan.cc/gofumpt v0.7.0/go.mod h1:txVFJy/Sc/mvaycET54pV8SW8gWxTlUuGHVEcncmNUo= +mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f h1:lMpcwN6GxNbWtbpI1+xzFLSW8XzX0u72NttUGVFjO3U= +mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f/go.mod h1:RSLa7mKKCNeTTMHBw5Hsy2rfJmd6O2ivt9Dw9ZqCQpQ= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= -sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= +sigs.k8s.io/controller-tools v0.16.4 h1:VXmar78eDXbx1by/H09ikEq1hiq3bqInxuV3lMr3GmQ= +sigs.k8s.io/controller-tools v0.16.4/go.mod h1:kcsZyYMXiOFuBhofSPtkB90zTSxVRxVVyvtKQcx3q1A= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/scripts/run-external.sh b/scripts/run-external.sh index 327993f62f5..493e5b113a5 100755 --- a/scripts/run-external.sh +++ b/scripts/run-external.sh @@ -14,6 +14,8 @@ declare SKIP_OPERATOR_RUN_CHECK=false declare USE_DEFAULT_CONTEXT=false declare API_SERVER="" declare IMPERSONATE_USER="${IMPERSONATE_USER:-}" +declare FEATURE_GATES="${FEATURE_GATES:-}" +declare LOG_LEVEL="${LOG_LEVEL:-info}" # tmp operator files that needs to be cleaned up declare -r CA_FILE="tmp/CA_FILE" @@ -130,6 +132,8 @@ run_operator() { --apiserver="$API_SERVER" \ --ca-file="$CA_FILE" \ --cert-file="$CERT_FILE" \ + --feature-gates="$FEATURE_GATES" \ + --log-level="$LOG_LEVEL" \ --key-file="$KEY_FILE" 2>&1 | tee tmp/operator.log } diff --git a/test/e2e/alertmanager_test.go b/test/e2e/alertmanager_test.go index 56185ebdb0b..7e1ab016237 100644 --- a/test/e2e/alertmanager_test.go +++ b/test/e2e/alertmanager_test.go @@ -21,7 +21,6 @@ import ( "errors" "fmt" "net/http" - "reflect" "strconv" "strings" "testing" @@ -60,13 +59,11 @@ func testAMCreateDeleteCluster(t *testing.T) { name := "test" - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), framework.MakeBasicAlertmanager(ns, name, 3)); err != nil { - t.Fatal(err) - } + _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), framework.MakeBasicAlertmanager(ns, name, 3)) + require.NoError(t, err) - if err := framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, name); err != nil { - t.Fatal(err) - } + err = framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, name) + require.NoError(t, err) } func testAlertmanagerWithStatefulsetCreationFailure(t *testing.T) { @@ -126,14 +123,12 @@ func testAlertmanagerWithStatefulsetCreationFailure(t *testing.T) { return true, nil }) - if err != nil { - t.Fatalf("%v: %v", err, loopError) - } + require.NoError(t, err, "%v: %v", err, loopError) require.NoError(t, framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, "test")) } -func testAMScaling(t *testing.T) { +func testAMScalingReplicas(t *testing.T) { // Don't run Alertmanager tests in parallel. See // https://github.com/prometheus/alertmanager/issues/1835 for details. testCtx := framework.NewTestCtx(t) @@ -144,18 +139,34 @@ func testAMScaling(t *testing.T) { name := "test" a, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), framework.MakeBasicAlertmanager(ns, name, 3)) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - a, err = framework.ScaleAlertmanagerAndWaitUntilReady(context.Background(), a.Name, a.Namespace, 5) - if err != nil { - t.Fatal(err) - } + a, err = framework.UpdateAlertmanagerReplicasAndWaitUntilReady(context.Background(), a.Name, a.Namespace, 5) + require.NoError(t, err) + _, err = framework.UpdateAlertmanagerReplicasAndWaitUntilReady(context.Background(), a.Name, a.Namespace, 3) + require.NoError(t, err) +} - if _, err := framework.ScaleAlertmanagerAndWaitUntilReady(context.Background(), a.Name, a.Namespace, 3); err != nil { - t.Fatal(err) - } +func testAlertmanagerStatusScale(t *testing.T) { + // Don't run Alertmanager tests in parallel. See + // https://github.com/prometheus/alertmanager/issues/1835 for details. + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + + name := "test" + + am := framework.MakeBasicAlertmanager(ns, name, 2) + am, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) + require.NoError(t, err) + + require.Equal(t, int32(2), am.Status.Replicas) + + am, err = framework.ScaleAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, 3) + require.NoError(t, err) + + require.Equal(t, int32(3), am.Status.Replicas) } func testAMVersionMigration(t *testing.T) { @@ -171,19 +182,13 @@ func testAMVersionMigration(t *testing.T) { am := framework.MakeBasicAlertmanager(ns, name, 1) am.Spec.Version = "v0.16.2" am, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) am, err = framework.PatchAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, monitoringv1.AlertmanagerSpec{Version: "v0.17.0"}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = framework.PatchAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, monitoringv1.AlertmanagerSpec{Version: "v0.16.2"}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } func testAMStorageUpdate(t *testing.T) { @@ -198,9 +203,7 @@ func testAMStorageUpdate(t *testing.T) { am := framework.MakeBasicAlertmanager(ns, name, 1) am, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = framework.PatchAlertmanagerAndWaitUntilReady( context.Background(), @@ -221,9 +224,7 @@ func testAMStorageUpdate(t *testing.T) { }, }, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { pods, err := framework.KubeClient.CoreV1().Pods(ns).List(ctx, alertmanager.ListOptions(name)) @@ -244,9 +245,7 @@ func testAMStorageUpdate(t *testing.T) { return false, nil }) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Invalid storageclass e2e test @@ -269,9 +268,7 @@ func testAMStorageUpdate(t *testing.T) { }, }, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) var loopError error err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, framework.DefaultTimeout, true, func(ctx context.Context) (bool, error) { @@ -288,9 +285,7 @@ func testAMStorageUpdate(t *testing.T) { return false, nil }) - if err != nil { - t.Fatalf("%v: %v", err, loopError) - } + require.NoError(t, err, "%v: %v", err, loopError) } func testAMExposingWithKubernetesAPI(t *testing.T) { @@ -304,20 +299,16 @@ func testAMExposingWithKubernetesAPI(t *testing.T) { alertmanager := framework.MakeBasicAlertmanager(ns, "test-alertmanager", 1) alertmanagerService := framework.MakeAlertmanagerService(alertmanager.Name, "alertmanager-service", v1.ServiceTypeClusterIP) - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) - if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, alertmanagerService); err != nil { - t.Fatal(err) - } + _, err = framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, alertmanagerService) + require.NoError(t, err) proxyGet := framework.KubeClient.CoreV1().Services(ns).ProxyGet request := proxyGet("", alertmanagerService.Name, "web", "/", make(map[string]string)) - _, err := request.DoRaw(context.Background()) - if err != nil { - t.Fatal(err) - } + _, err = request.DoRaw(context.Background()) + require.NoError(t, err) } func testAMClusterInitialization(t *testing.T) { @@ -339,26 +330,26 @@ func testAMClusterInitialization(t *testing.T) { } for i := 0; i < amClusterSize; i++ { - err := framework.PrintPodLogs(context.Background(), ns, fmt.Sprintf("alertmanager-test-%v", strconv.Itoa(i))) + b := &bytes.Buffer{} + err := framework.WritePodLogs(context.Background(), b, ns, fmt.Sprintf("alertmanager-test-%v", strconv.Itoa(i)), testFramework.LogOptions{}) if err != nil { - t.Fatal(err) + t.Logf("failed to get logs: %v", err) } + + t.Log(b.String()) } }() - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) - if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, alertmanagerService); err != nil { - t.Fatal(err) - } + _, err = framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, alertmanagerService) + require.NoError(t, err) for i := 0; i < amClusterSize; i++ { name := "alertmanager-" + alertmanager.Name + "-" + strconv.Itoa(i) - if err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false); err != nil { - t.Fatal(err) - } + err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false) + require.NoError(t, err) } } @@ -379,15 +370,13 @@ func testAMClusterAfterRollingUpdate(t *testing.T) { alertmanager := framework.MakeBasicAlertmanager(ns, "test", int32(amClusterSize)) - if alertmanager, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + alertmanager, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) for i := 0; i < amClusterSize; i++ { name := "alertmanager-" + alertmanager.Name + "-" + strconv.Itoa(i) - if err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false); err != nil { - t.Fatal(err) - } + err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false) + require.NoError(t, err) } // We need to force a rolling update, e.g. by changing one of the command @@ -398,9 +387,7 @@ func testAMClusterAfterRollingUpdate(t *testing.T) { alertmanager.Namespace, monitoringv1.AlertmanagerSpec{Retention: "1h"}, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } func testAMClusterGossipSilences(t *testing.T) { @@ -414,21 +401,17 @@ func testAMClusterGossipSilences(t *testing.T) { amClusterSize := 3 alertmanager := framework.MakeBasicAlertmanager(ns, "test", int32(amClusterSize)) - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) for i := 0; i < amClusterSize; i++ { name := "alertmanager-" + alertmanager.Name + "-" + strconv.Itoa(i) - if err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false); err != nil { - t.Fatal(err) - } + err := framework.WaitForAlertmanagerPodInitialized(context.Background(), ns, name, amClusterSize, alertmanager.Spec.ForceEnableClusterMode, false) + require.NoError(t, err) } silID, err := framework.CreateSilence(context.Background(), ns, "alertmanager-test-0") - if err != nil { - t.Fatalf("failed to create silence: %v", err) - } + require.NoError(t, err) for i := 0; i < amClusterSize; i++ { err = wait.PollUntilContextTimeout(context.Background(), time.Second, framework.DefaultTimeout, false, func(ctx context.Context) (bool, error) { @@ -446,9 +429,7 @@ func testAMClusterGossipSilences(t *testing.T) { } return true, nil }) - if err != nil { - t.Fatalf("could not retrieve created silence on alertmanager %v: %v", i, err) - } + require.NoError(t, err) } } @@ -552,57 +533,46 @@ An Alert test }, } - if _, err := framework.KubeClient.CoreV1().ConfigMaps(ns).Create(context.Background(), templateCfg, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err := framework.KubeClient.CoreV1().ConfigMaps(ns).Create(context.Background(), templateCfg, metav1.CreateOptions{}) + require.NoError(t, err) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), templateSecret, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), templateSecret, metav1.CreateOptions{}) + require.NoError(t, err) - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}) + require.NoError(t, err) firstExpectedString := "firstConfigWebHook" - if err := framework.WaitForAlertmanagerConfigToContainString(context.Background(), ns, alertmanager.Name, firstExpectedString); err != nil { - t.Fatal(fmt.Errorf("failed to wait for first expected config: %w", err)) - } + err = framework.WaitForAlertmanagerConfigToContainString(context.Background(), ns, alertmanager.Name, firstExpectedString) + require.NoError(t, err) cfg.Data["alertmanager.yaml"] = []byte(secondConfig) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}) + require.NoError(t, err) secondExpectedString := "secondConfigWebHook" - if err := framework.WaitForAlertmanagerConfigToContainString(context.Background(), ns, alertmanager.Name, secondExpectedString); err != nil { - t.Fatal(fmt.Errorf("failed to wait for second expected config: %w", err)) - } + err = framework.WaitForAlertmanagerConfigToContainString(context.Background(), ns, alertmanager.Name, secondExpectedString) + require.NoError(t, err) priorToReloadTime := time.Now() templateCfg.Data[templateFileKey] = secondTemplate - if _, err := framework.KubeClient.CoreV1().ConfigMaps(ns).Update(context.Background(), templateCfg, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().ConfigMaps(ns).Update(context.Background(), templateCfg, metav1.UpdateOptions{}) + require.NoError(t, err) - if err := framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime); err != nil { - t.Fatal(fmt.Errorf("failed to wait for additional configMaps reload: %w", err)) - } + err = framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime) + require.NoError(t, err) priorToReloadTime = time.Now() templateSecret.Data[templateSecretFileKey] = []byte(secondTemplate) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), templateSecret, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), templateSecret, metav1.UpdateOptions{}) + require.NoError(t, err) - if err := framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime); err != nil { - t.Fatal(fmt.Errorf("failed to wait for additional secrets reload: %w", err)) - } + err = framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime) + require.NoError(t, err) } func testAMTmplateReloadConfig(t *testing.T) { @@ -669,23 +639,19 @@ An Alert test }, } - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}) + require.NoError(t, err) priorToReloadTime := time.Now() cfg.Data["Template_1"] = []byte(secondTemplate) - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Update(context.Background(), cfg, metav1.UpdateOptions{}) + require.NoError(t, err) - if err := framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime); err != nil { - t.Fatal(fmt.Errorf("failed to wait for additional secrets reload: %w", err)) - } + err = framework.WaitForAlertmanagerConfigToBeReloaded(context.Background(), ns, alertmanager.Name, priorToReloadTime) + require.NoError(t, err) } func testAMZeroDowntimeRollingDeployment(t *testing.T) { @@ -749,22 +715,18 @@ func testAMZeroDowntimeRollingDeployment(t *testing.T) { }, }, } - if err := framework.CreateDeployment(context.Background(), ns, whdpl); err != nil { - t.Fatal(err) - } - if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, whsvc); err != nil { - t.Fatal(err) - } - err := framework.WaitForPodsReady(context.Background(), ns, time.Minute*5, 1, + err := framework.CreateDeployment(context.Background(), ns, whdpl) + require.NoError(t, err) + _, err = framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, whsvc) + require.NoError(t, err) + err = framework.WaitForPodsReady(context.Background(), ns, time.Minute*5, 1, metav1.ListOptions{ LabelSelector: fields.SelectorFromSet(fields.Set(map[string]string{ "app.kubernetes.io/name": "alertmanager-webhook", })).String(), }, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) alertmanager := framework.MakeBasicAlertmanager(ns, "rolling-deploy", 3) amsvc := framework.MakeAlertmanagerService(alertmanager.Name, "test", v1.ServiceTypeClusterIP) @@ -797,22 +759,17 @@ inhibit_rules: }, } - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), amcfg, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), amcfg, metav1.CreateOptions{}) + require.NoError(t, err) alertmanager, err = framework.MonClientV1.Alertmanagers(ns).Create(context.Background(), alertmanager, metav1.CreateOptions{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if err := framework.WaitForAlertmanagerReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err = framework.WaitForAlertmanagerReady(context.Background(), alertmanager) + require.NoError(t, err) - if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, amsvc); err != nil { - t.Fatal(err) - } + _, err = framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, amsvc) + require.NoError(t, err) // Send alert to each Alertmanager for i := 0; i < int(*alertmanager.Spec.Replicas); i++ { @@ -865,24 +822,17 @@ inhibit_rules: })).String(), } pl, err := framework.KubeClient.CoreV1().Pods(ns).List(context.Background(), opts) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if len(pl.Items) != 1 { - t.Fatalf("Expected one webhook pod, but got %d", len(pl.Items)) - } + require.Len(t, pl.Items, 1) podName := pl.Items[0].Name - logs, err := framework.GetLogs(context.Background(), ns, podName, "webhook-server") - if err != nil { - t.Fatal(err) - } + b := &bytes.Buffer{} + err = framework.WritePodLogs(context.Background(), b, ns, podName, testFramework.LogOptions{Container: "webhook-server"}) + require.NoError(t, err) - c := strings.Count(logs, "Alertmanager Notification Payload Received") - if c != 1 { - t.Fatalf("One notification expected, but %d received.\n\n%s", c, logs) - } + c := strings.Count(b.String(), "Alertmanager Notification Payload Received") + require.Equal(t, 1, c) // We need to force a rolling update, e.g. by changing one of the command // line flags via the Retention. @@ -892,27 +842,21 @@ inhibit_rules: alertmanager.Namespace, monitoringv1.AlertmanagerSpec{Retention: "1h"}, ) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Wait for the change above to take effect. time.Sleep(time.Minute) - if err := framework.WaitForAlertmanagerReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err = framework.WaitForAlertmanagerReady(context.Background(), alertmanager) + require.NoError(t, err) time.Sleep(time.Minute) - logs, err = framework.GetLogs(context.Background(), ns, podName, "webhook-server") - if err != nil { - t.Fatal(err) - } + b.Reset() + err = framework.WritePodLogs(context.Background(), b, ns, podName, testFramework.LogOptions{Container: "webhook-server"}) + require.NoError(t, err) - c = strings.Count(logs, "Alertmanager Notification Payload Received") - if c != 1 { - t.Fatalf("Only one notification expected, but %d received after rolling update of Alertmanager cluster.\n\n%s", c, logs) - } + c = strings.Count(b.String(), "Alertmanager Notification Payload Received") + require.Equal(t, 1, c) } func testAlertmanagerConfigVersions(t *testing.T) { @@ -926,9 +870,7 @@ func testAlertmanagerConfigVersions(t *testing.T) { alertmanager := framework.MakeBasicAlertmanager(ns, "amconfig-versions", 1) alertmanager.Spec.AlertmanagerConfigSelector = &metav1.LabelSelector{} alertmanager, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) amcfgV1alpha1 := &monitoringv1alpha1.AlertmanagerConfig{ ObjectMeta: metav1.ObjectMeta{ @@ -950,19 +892,14 @@ func testAlertmanagerConfigVersions(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(alertmanager.Namespace).Create(context.Background(), amcfgV1alpha1, metav1.CreateOptions{}); err != nil { - t.Fatalf("failed to create v1alpha1 AlertmanagerConfig object: %v", err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(alertmanager.Namespace).Create(context.Background(), amcfgV1alpha1, metav1.CreateOptions{}) + require.NoError(t, err) amcfgV1beta1Converted, err := framework.MonClientV1beta1.AlertmanagerConfigs(alertmanager.Namespace).Get(context.Background(), amcfgV1alpha1.Name, metav1.GetOptions{}) - if err != nil { - t.Fatalf("failed to get v1beta1 AlertmanagerConfig object: %v", err) - } + require.NoError(t, err) expected := []monitoringv1beta1.Matcher{{Name: "job", Value: "webapp.+", MatchType: monitoringv1beta1.MatchRegexp}} - if !reflect.DeepEqual(amcfgV1beta1Converted.Spec.Route.Matchers, expected) { - t.Fatalf("expected %#v matcher, got %#v", expected, amcfgV1beta1Converted.Spec.Route.Matchers) - } + require.Equal(t, expected, amcfgV1beta1Converted.Spec.Route.Matchers, "expected %#v matcher, got %#v", expected, amcfgV1beta1Converted.Spec.Route.Matchers) require.True(t, amcfgV1beta1Converted.Spec.Route.Continue) @@ -987,16 +924,12 @@ func testAlertmanagerConfigVersions(t *testing.T) { } amcfgV1beta1, err = framework.MonClientV1beta1.AlertmanagerConfigs(alertmanager.Namespace).Create(context.Background(), amcfgV1beta1, metav1.CreateOptions{}) - if err != nil { - t.Fatalf("failed to create v1beta1 AlertmanagerConfig object: %v", err) - } + require.NoError(t, err) require.True(t, amcfgV1beta1.Spec.Route.Continue) amcfgV1alpha1, err = framework.MonClientV1alpha1.AlertmanagerConfigs(alertmanager.Namespace).Get(context.Background(), amcfgV1beta1.Name, metav1.GetOptions{}) - if err != nil { - t.Fatalf("failed to get v1alpha1 AlertmanagerConfig object: %v", err) - } + require.NoError(t, err) require.True(t, amcfgV1alpha1.Spec.Route.Continue) } @@ -1029,13 +962,10 @@ func testAlertmanagerConfigCRD(t *testing.T) { MatchLabels: map[string]string{"monitored": "true"}, } alertmanager, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if err := framework.AddLabelsToNamespace(context.Background(), configNs, map[string]string{"monitored": "true"}); err != nil { - t.Fatal(err) - } + err = framework.AddLabelsToNamespace(context.Background(), configNs, map[string]string{"monitored": "true"}) + require.NoError(t, err) // reuse the secret for pagerduty, wechat and sns testingSecret := "testing-secret" @@ -1048,9 +978,22 @@ func testAlertmanagerConfigCRD(t *testing.T) { testingSecretKey: []byte("1234abc"), }, } - if _, err := framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), testingKeySecret, metav1.CreateOptions{}); err != nil { - t.Fatal(err) + _, err = framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), testingKeySecret, metav1.CreateOptions{}) + require.NoError(t, err) + + // telegram secret + telegramTestingSecret := "telegram-testing-secret" + telegramTestingbotTokenKey := "telegram-testing-bottoken-key" + telegramTestingKeySecret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: telegramTestingSecret, + }, + Data: map[string][]byte{ + telegramTestingbotTokenKey: []byte("bipbop"), + }, } + _, err = framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), telegramTestingKeySecret, metav1.CreateOptions{}) + require.NoError(t, err) // telegram secret telegramTestingSecret := "telegram-testing-secret" @@ -1075,9 +1018,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { "api-key": []byte("1234abc"), }, } - if _, err := framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), apiKeySecret, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), apiKeySecret, metav1.CreateOptions{}) + require.NoError(t, err) slackAPIURLSecret := &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -1087,9 +1029,20 @@ func testAlertmanagerConfigCRD(t *testing.T) { "api-url": []byte("http://slack.example.com"), }, } - if _, err := framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), slackAPIURLSecret, metav1.CreateOptions{}); err != nil { - t.Fatal(err) + _, err = framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), slackAPIURLSecret, metav1.CreateOptions{}) + require.NoError(t, err) + + webexAPIToken := "super-secret-token" + webexAPITokenSecret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "webex-api-token", + }, + Data: map[string][]byte{ + "api-token": []byte(webexAPIToken), + }, } + _, err = framework.KubeClient.CoreV1().Secrets(configNs).Create(context.Background(), webexAPITokenSecret, metav1.CreateOptions{}) + require.NoError(t, err) webexAPIToken := "super-secret-token" webexAPITokenSecret := &v1.Secret{ @@ -1276,9 +1229,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) + require.NoError(t, err) // Another AlertmanagerConfig object with nested routes and mute time intervals. configCR = &monitoringv1alpha1.AlertmanagerConfig{ @@ -1370,9 +1322,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) + require.NoError(t, err) // A valid AlertmanagerConfig resource with active time intervals. configCR = &monitoringv1alpha1.AlertmanagerConfig{ @@ -1410,9 +1361,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) + require.NoError(t, err) // An AlertmanagerConfig resource that references a missing secret key, it // should be rejected by the operator. @@ -1439,9 +1389,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) + require.NoError(t, err) // An AlertmanagerConfig resource that references a missing mute time interval, // it should be rejected by the webhook. @@ -1469,9 +1418,8 @@ func testAlertmanagerConfigCRD(t *testing.T) { }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}); err == nil { - t.Fatal(err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) + require.Error(t, err) // An AlertmanagerConfig resource that contains an invalid sub-route. // It should be rejected by the validating webhook. @@ -1502,9 +1450,7 @@ func testAlertmanagerConfigCRD(t *testing.T) { } _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(configNs).Create(context.Background(), configCR, metav1.CreateOptions{}) - if err == nil { - t.Fatal(err, "expected validating webhook to reject invalid config") - } + require.Error(t, err) // Wait for the change above to take effect. var lastErr error @@ -1646,9 +1592,7 @@ templates: [] `, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs, configNs) uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) if diff := cmp.Diff(uncompressed, expected); diff != "" { lastErr = fmt.Errorf("got(-), want(+):\n%s", diff) return false, nil @@ -1656,17 +1600,14 @@ templates: [] return true, nil }) - if err != nil { - t.Fatalf("waiting for generated alertmanager configuration: %v: %v", err, lastErr) - } + require.NoError(t, err, "waiting for generated alertmanager configuration: %v: %v", err, lastErr) // Remove the selecting label from the namespace holding the // AlertmanagerConfig resources and wait until the Alertmanager // configuration gets regenerated. // See https://github.com/prometheus-operator/prometheus-operator/issues/3847 - if err := framework.RemoveLabelsFromNamespace(context.Background(), configNs, "monitored"); err != nil { - t.Fatal(err) - } + err = framework.RemoveLabelsFromNamespace(context.Background(), configNs, "monitored") + require.NoError(t, err) err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { cfgSecret, err := framework.KubeClient.CoreV1().Secrets(ns).Get(ctx, amConfigSecretName, metav1.GetOptions{}) @@ -1698,9 +1639,7 @@ templates: [] ` uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) if diff := cmp.Diff(uncompressed, expected); diff != "" { lastErr = fmt.Errorf("got(-), want(+):\n%s", diff) return false, nil @@ -1708,9 +1647,7 @@ templates: [] return true, nil }) - if err != nil { - t.Fatalf("waiting for alertmanager configuration: %v: %v", err, lastErr) - } + require.NoError(t, err) } func testUserDefinedAlertmanagerConfigFromSecret(t *testing.T) { @@ -1742,19 +1679,17 @@ inhibit_rules: "template1.tmpl": []byte(`template1`), }, } - if _, err := framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), amConfig, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } + _, err := framework.KubeClient.CoreV1().Secrets(ns).Create(context.Background(), amConfig, metav1.CreateOptions{}) + require.NoError(t, err) alertmanager := framework.MakeBasicAlertmanager(ns, "user-amconfig", 1) alertmanager.Spec.ConfigSecret = "amconfig" - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager); err != nil { - t.Fatal(err) - } + _, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) + require.NoError(t, err) // Wait for the change above to take effect. var lastErr error - err := wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { + err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { cfgSecret, err := framework.KubeClient.CoreV1().Secrets(ns).Get(ctx, "alertmanager-user-amconfig-generated", metav1.GetOptions{}) if apierrors.IsNotFound(err) { lastErr = err @@ -1775,9 +1710,222 @@ inhibit_rules: } uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) + require.NoError(t, err) + if diff := cmp.Diff(uncompressed, yamlConfig); diff != "" { + lastErr = fmt.Errorf("got(-), want(+):\n%s", diff) + return false, nil + } + + return true, nil + }) + require.NoError(t, err, "%v: %v", err, lastErr) +} + +func testUserDefinedAlertmanagerConfigFromCustomResource(t *testing.T) { + // Don't run Alertmanager tests in parallel. See + // https://github.com/prometheus/alertmanager/issues/1835 for details. + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + + alertmanager := framework.MakeBasicAlertmanager(ns, "user-amconfig", 1) + alertmanagerConfig, err := framework.CreateAlertmanagerConfig(context.Background(), ns, "user-amconfig") + require.NoError(t, err) + + alertmanager.Spec.AlertmanagerConfiguration = &monitoringv1.AlertmanagerConfiguration{ + Name: alertmanagerConfig.Name, + Global: &monitoringv1.AlertmanagerGlobalConfig{ + SMTPConfig: &monitoringv1.GlobalSMTPConfig{ + From: ptr.To("from"), + SmartHost: &monitoringv1.HostPort{ + Host: "smtp.example.org", + Port: "587", + }, + Hello: ptr.To("smtp.example.org"), + AuthUsername: ptr.To("dev@smtp.example.org"), + AuthPassword: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "smtp-auth", + }, + Key: "password", + }, + AuthIdentity: ptr.To("dev@smtp.example.org"), + AuthSecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "smtp-auth", + }, + Key: "secret", + }, + RequireTLS: ptr.To(true), + }, + ResolveTimeout: "30s", + HTTPConfig: &monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "webhook-client-id", + }, + Key: "test", + }, + }, + ClientSecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "webhook-client-secret", + }, + Key: "test", + }, + TokenURL: "https://test.com", + Scopes: []string{"any"}, + EndpointParams: map[string]string{ + "some": "value", + }, + }, + FollowRedirects: ptr.To(true), + }, + }, + Templates: []monitoringv1.SecretOrConfigMap{ + { + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "template1", + }, + Key: "template1.tmpl", + }, + }, + { + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "template2", + }, + Key: "template2.tmpl", + }, + }, + }, + } + + cm := v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "webhook-client-id", + Namespace: ns, + }, + Data: map[string]string{ + "test": "clientID", + }, + } + smtp := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "smtp-auth", + Namespace: ns, + }, + Data: map[string][]byte{ + "password": []byte("password"), + "secret": []byte("secret"), + }, + } + sec := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "webhook-client-secret", + Namespace: ns, + }, + Data: map[string][]byte{ + "test": []byte("clientSecret"), + }, + } + tpl1 := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "template1", + }, + Data: map[string][]byte{ + "template1.tmpl": []byte(`template1`), + }, + } + tpl2 := v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "template2", + }, + Data: map[string]string{ + "template2.tmpl": "template2", + }, + } + + ctx := context.Background() + _, err = framework.KubeClient.CoreV1().ConfigMaps(ns).Create(ctx, &cm, metav1.CreateOptions{}) + require.NoError(t, err) + _, err = framework.KubeClient.CoreV1().Secrets(ns).Create(ctx, &smtp, metav1.CreateOptions{}) + require.NoError(t, err) + _, err = framework.KubeClient.CoreV1().Secrets(ns).Create(ctx, &sec, metav1.CreateOptions{}) + require.NoError(t, err) + _, err = framework.KubeClient.CoreV1().Secrets(ns).Create(ctx, &tpl1, metav1.CreateOptions{}) + require.NoError(t, err) + _, err = framework.KubeClient.CoreV1().ConfigMaps(ns).Create(ctx, &tpl2, metav1.CreateOptions{}) + require.NoError(t, err) + + _, err = framework.CreateAlertmanagerAndWaitUntilReady(ctx, alertmanager) + require.NoError(t, err) + + yamlConfig := fmt.Sprintf(`global: + resolve_timeout: 30s + http_config: + oauth2: + client_id: clientID + client_secret: clientSecret + scopes: + - any + token_url: https://test.com + endpoint_params: + some: value + follow_redirects: true + smtp_from: from + smtp_hello: smtp.example.org + smtp_smarthost: smtp.example.org:587 + smtp_auth_username: dev@smtp.example.org + smtp_auth_password: password + smtp_auth_secret: secret + smtp_auth_identity: dev@smtp.example.org + smtp_require_tls: true +route: + receiver: %[1]s + routes: + - receiver: %[1]s + match: + mykey: myvalue-1 +inhibit_rules: +- target_matchers: + - mykey="myvalue-2" + source_matchers: + - mykey="myvalue-1" + equal: + - equalkey +receivers: +- name: %[1]s +templates: +- /etc/alertmanager/templates/template1.tmpl +- /etc/alertmanager/templates/template2.tmpl +`, fmt.Sprintf("%s/%s/null", ns, "user-amconfig")) + + // Wait for the change above to take effect. + var lastErr error + err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { + cfgSecret, err := framework.KubeClient.CoreV1().Secrets(ns).Get(ctx, "alertmanager-user-amconfig-generated", metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + lastErr = err + return false, nil + } if err != nil { - t.Fatal(err) + return false, err + } + + if cfgSecret.Data["alertmanager.yaml.gz"] == nil { + lastErr = errors.New("'alertmanager.yaml.gz' key is missing") + return false, nil } + + uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) + require.NoError(t, err) + if diff := cmp.Diff(uncompressed, yamlConfig); diff != "" { lastErr = fmt.Errorf("got(-), want(+):\n%s", diff) return false, nil @@ -1785,9 +1933,8 @@ inhibit_rules: return true, nil }) - if err != nil { - t.Fatalf("%v: %v", err, lastErr) - } + + require.NoError(t, err, "%v: %v", err, lastErr) } func testUserDefinedAlertmanagerConfigFromCustomResource(t *testing.T) { @@ -2030,9 +2177,7 @@ func testAMPreserveUserAddedMetadata(t *testing.T) { am := framework.MakeBasicAlertmanager(ns, name, 3) am, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) updatedLabels := map[string]string{ "user-defined-label": "custom-label-value", @@ -2081,31 +2226,23 @@ func testAMPreserveUserAddedMetadata(t *testing.T) { for _, rConf := range resourceConfigs { res, err := rConf.get() - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) updateObjectLabels(res, updatedLabels) updateObjectAnnotations(res, updatedAnnotations) _, err = rConf.update(res) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } // Ensure resource reconciles - _, err = framework.ScaleAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, 2) - if err != nil { - t.Fatal(err) - } + _, err = framework.UpdateAlertmanagerReplicasAndWaitUntilReady(context.Background(), am.Name, am.Namespace, 2) + require.NoError(t, err) // Assert labels preserved for _, rConf := range resourceConfigs { res, err := rConf.get() - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) labels := res.GetLabels() if !containsValues(labels, updatedLabels) { @@ -2113,14 +2250,11 @@ func testAMPreserveUserAddedMetadata(t *testing.T) { } annotations := res.GetAnnotations() - if !containsValues(annotations, updatedAnnotations) { - t.Fatalf("%s: annotations do not contain updated annotations, found: %q, should contain: %q", rConf.name, annotations, updatedAnnotations) - } + require.True(t, containsValues(annotations, updatedAnnotations)) } - if err := framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, name); err != nil { - t.Fatal(err) - } + err = framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, name) + require.NoError(t, err) } func testAMRollbackManualChanges(t *testing.T) { @@ -2134,21 +2268,15 @@ func testAMRollbackManualChanges(t *testing.T) { name := "test" alertManager := framework.MakeBasicAlertmanager(ns, name, 3) _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertManager) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) ssetClient := framework.KubeClient.AppsV1().StatefulSets(ns) sset, err := ssetClient.Get(context.Background(), "alertmanager-"+name, metav1.GetOptions{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) sset.Spec.Replicas = ptr.To(int32(0)) sset, err = ssetClient.Update(context.Background(), sset, metav1.UpdateOptions{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Wait for the operator to update the statefulset definition. var pollErr error @@ -2166,13 +2294,10 @@ func testAMRollbackManualChanges(t *testing.T) { return true, nil }) - if err != nil { - t.Fatalf("poll function execution error: %v: %v", err, pollErr) - } + require.NoError(t, err, "poll function execution error: %v: %v", err, pollErr) - if err := framework.WaitForAlertmanagerReady(context.Background(), alertManager); err != nil { - t.Fatal(err) - } + _, err = framework.WaitForAlertmanagerReady(context.Background(), alertManager) + require.NoError(t, err) } func testAMWeb(t *testing.T) { @@ -2189,14 +2314,11 @@ func testAMWeb(t *testing.T) { host := fmt.Sprintf("%s.%s.svc", name, ns) certBytes, keyBytes, err := certutil.GenerateSelfSignedCertKey(host, nil, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) kubeClient := framework.KubeClient - if err := framework.CreateOrUpdateSecretWithCert(context.Background(), certBytes, keyBytes, ns, "web-tls"); err != nil { - t.Fatal(err) - } + err = framework.CreateOrUpdateSecretWithCert(context.Background(), certBytes, keyBytes, ns, "web-tls") + require.NoError(t, err) am := framework.MakeBasicAlertmanager(ns, name, 1) am.Spec.Web = &monitoringv1.AlertmanagerWebSpec{ @@ -2229,9 +2351,8 @@ func testAMWeb(t *testing.T) { }, }, } - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am); err != nil { - t.Fatalf("Creating alertmanager failed: %v", err) - } + _, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) + require.NoError(t, err) var pollErr error err = wait.PollUntilContextTimeout(context.Background(), time.Second, time.Minute, false, func(ctx context.Context) (bool, error) { @@ -2338,19 +2459,14 @@ func testAMWeb(t *testing.T) { return true, nil }) - if err != nil { - t.Fatalf("poll function execution error: %v: %v", err, pollErr) - } + require.NoError(t, err, "poll function execution error: %v: %v", err, pollErr) // Simulate a certificate renewal and check that the new certificate is in place certBytesNew, keyBytesNew, err := certutil.GenerateSelfSignedCertKey(host, nil, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if err = framework.CreateOrUpdateSecretWithCert(context.Background(), certBytesNew, keyBytesNew, ns, "web-tls"); err != nil { - t.Fatal(err) - } + err = framework.CreateOrUpdateSecretWithCert(context.Background(), certBytesNew, keyBytesNew, ns, "web-tls") + require.NoError(t, err) err = wait.PollUntilContextTimeout(context.Background(), time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { amPods, err := kubeClient.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{}) @@ -2424,9 +2540,7 @@ func testAMWeb(t *testing.T) { return true, nil }) - if err != nil { - t.Fatalf("poll function execution error: %v: %v", err, pollErr) - } + require.NoError(t, err) } func testAlertManagerMinReadySeconds(t *testing.T) { @@ -2442,32 +2556,20 @@ func testAlertManagerMinReadySeconds(t *testing.T) { am := framework.MakeBasicAlertmanager(ns, "basic-am", 3) am.Spec.MinReadySeconds = &setMinReadySecondsInitial am, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) - if err != nil { - t.Fatal("Creating AlertManager failed: ", err) - } + require.NoError(t, err) amSS, err := framework.KubeClient.AppsV1().StatefulSets(ns).Get(context.Background(), "alertmanager-basic-am", metav1.GetOptions{}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if amSS.Spec.MinReadySeconds != int32(setMinReadySecondsInitial) { - t.Fatalf("expected MinReadySeconds to be %d but got %d", setMinReadySecondsInitial, amSS.Spec.MinReadySeconds) - } + require.Equal(t, int32(setMinReadySecondsInitial), amSS.Spec.MinReadySeconds) var updated uint32 = 10 - if _, err = framework.PatchAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, monitoringv1.AlertmanagerSpec{MinReadySeconds: &updated}); err != nil { - t.Fatal("Patching AlertManager failed: ", err) - } + _, err = framework.PatchAlertmanagerAndWaitUntilReady(context.Background(), am.Name, am.Namespace, monitoringv1.AlertmanagerSpec{MinReadySeconds: &updated}) + require.NoError(t, err) amSS, err = framework.KubeClient.AppsV1().StatefulSets(ns).Get(context.Background(), "alertmanager-basic-am", metav1.GetOptions{}) - if err != nil { - t.Fatal(err) - } - - if amSS.Spec.MinReadySeconds != int32(updated) { - t.Fatalf("expected MinReadySeconds to be %d but got %d", updated, amSS.Spec.MinReadySeconds) - } + require.NoError(t, err) + require.Equal(t, int32(updated), amSS.Spec.MinReadySeconds) } func testAlertmanagerCRDValidation(t *testing.T) { @@ -2549,6 +2651,80 @@ func testAlertmanagerCRDValidation(t *testing.T) { }, expectedError: true, }, + { + name: "valid-dns-policy-and-config", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-policy", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("InvalidPolicy")), + }, + expectedError: true, + }, + { + name: "valid-dns-config", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.4.4"}, + Searches: []string{"svc.cluster.local"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + { + Name: "timeout", + Value: ptr.To("2"), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-config-nameservers", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{""}, // Empty string violates MinLength constraint + }, + }, + expectedError: true, + }, + { + name: "invalid-dns-config-options", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "", // Empty string violates MinLength constraint + Value: ptr.To("some-value"), + }, + }, + }, + }, + expectedError: true, + }, } for _, test := range tests { @@ -2571,16 +2747,12 @@ func testAlertmanagerCRDValidation(t *testing.T) { if test.expectedError { _, err := framework.MonClientV1.Alertmanagers(ns).Create(context.Background(), am, metav1.CreateOptions{}) - if !apierrors.IsInvalid(err) { - t.Fatalf("expected Invalid error but got %v", err) - } + require.True(t, apierrors.IsInvalid(err), "expected Invalid error but got %v", err) return } _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), am) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) }) } } @@ -2595,9 +2767,7 @@ func testAlertmanagerConfigMatcherStrategy(t *testing.T) { alertmanager := framework.MakeBasicAlertmanager(ns, amName, 1) alertmanager.Spec.AlertmanagerConfigSelector = &metav1.LabelSelector{} alertmanager, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) amcfgV1alpha1 := &monitoringv1alpha1.AlertmanagerConfig{ ObjectMeta: metav1.ObjectMeta{ @@ -2616,9 +2786,8 @@ func testAlertmanagerConfigMatcherStrategy(t *testing.T) { }}, }, } - if _, err := framework.MonClientV1alpha1.AlertmanagerConfigs(alertmanager.Namespace).Create(context.Background(), amcfgV1alpha1, metav1.CreateOptions{}); err != nil { - t.Fatalf("failed to create v1alpha1 AlertmanagerConfig object: %v", err) - } + _, err = framework.MonClientV1alpha1.AlertmanagerConfigs(alertmanager.Namespace).Create(context.Background(), amcfgV1alpha1, metav1.CreateOptions{}) + require.NoError(t, err) // Wait for the change above to take effect. var lastErr error @@ -2636,9 +2805,7 @@ func testAlertmanagerConfigMatcherStrategy(t *testing.T) { } uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) expected := fmt.Sprintf(`global: resolve_timeout: 5m route: @@ -2670,14 +2837,10 @@ templates: [] return true, nil }) - if err != nil { - t.Fatalf("waiting for generated alertmanager configuration: %v: %v", err, lastErr) - } + require.NoError(t, err, "waiting for generated alertmanager configuration: %v: %v", err, lastErr) _, err = framework.PatchAlertmanagerAndWaitUntilReady(context.Background(), alertmanager.Name, alertmanager.Namespace, monitoringv1.AlertmanagerSpec{AlertmanagerConfigMatcherStrategy: monitoringv1.AlertmanagerConfigMatcherStrategy{Type: "None"}}) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Wait for the change above to take effect. err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 2*time.Minute, false, func(ctx context.Context) (bool, error) { @@ -2693,9 +2856,7 @@ templates: [] } uncompressed, err := operator.GunzipConfig(cfgSecret.Data["alertmanager.yaml.gz"]) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) expected := fmt.Sprintf(`global: resolve_timeout: 5m route: @@ -2725,11 +2886,8 @@ templates: [] return true, nil }) - if err != nil { - t.Fatalf("waiting for generated alertmanager configuration: %v: %v", err, lastErr) - } + require.NoError(t, err, "waiting for generated alertmanager configuration: %v: %v", err, lastErr) - if err := framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, amName); err != nil { - t.Fatal(err) - } + err = framework.DeleteAlertmanagerAndWaitUntilGone(context.Background(), ns, amName) + require.NoError(t, err) } diff --git a/test/e2e/controllerid_test.go b/test/e2e/controllerid_test.go index 57f507bc214..9c0a5412699 100644 --- a/test/e2e/controllerid_test.go +++ b/test/e2e/controllerid_test.go @@ -17,6 +17,8 @@ package e2e import ( "context" "testing" + + "github.com/stretchr/testify/require" ) const testAnnotationControllerID = "42" @@ -30,17 +32,13 @@ func testMultipleOperatorsPrometheusServer(t *testing.T) { name := "test-op-1" p := framework.MakeBasicPrometheus(ns, name, name, 1) _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) name = "test-op-2" p = framework.MakeBasicPrometheus(ns, name, name, 1) p.Annotations["operator.prometheus.io/controller-id"] = testAnnotationControllerID _, err = framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } func testMultipleOperatorsPrometheusAgent(t *testing.T) { @@ -52,17 +50,13 @@ func testMultipleOperatorsPrometheusAgent(t *testing.T) { name := "test-op-1" p := framework.MakeBasicPrometheusAgent(ns, name, name, 1) _, err := framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) name = "test-op-2" p = framework.MakeBasicPrometheusAgent(ns, name, name, 1) p.Annotations["operator.prometheus.io/controller-id"] = testAnnotationControllerID _, err = framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } func testMultipleOperatorsAlertManager(t *testing.T) { @@ -74,17 +68,13 @@ func testMultipleOperatorsAlertManager(t *testing.T) { name := "test-op-1" a := framework.MakeBasicAlertmanager(ns, name, 1) _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), a) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) name = "test-op-2" a = framework.MakeBasicAlertmanager(ns, name, 1) a.Annotations["operator.prometheus.io/controller-id"] = testAnnotationControllerID _, err = framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), a) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } func testMultipleOperatorsThanosRuler(t *testing.T) { @@ -96,15 +86,11 @@ func testMultipleOperatorsThanosRuler(t *testing.T) { name := "test-op-1" thanos := framework.MakeBasicThanosRuler(name, 1, "http://test.example.com") _, err := framework.CreateThanosRulerAndWaitUntilReady(context.Background(), ns, thanos) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) name = "test-op-2" thanos = framework.MakeBasicThanosRuler(name, 1, "http://test.example.com") thanos.Annotations["operator.prometheus.io/controller-id"] = testAnnotationControllerID _, err = framework.CreateThanosRulerAndWaitUntilReady(context.Background(), ns, thanos) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } diff --git a/test/e2e/main_test.go b/test/e2e/main_test.go index 1ed335a96bb..5d79cc2ec31 100644 --- a/test/e2e/main_test.go +++ b/test/e2e/main_test.go @@ -25,6 +25,7 @@ import ( "testing" "github.com/blang/semver/v4" + "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" @@ -178,9 +179,7 @@ func TestAllNS(t *testing.T) { ns := framework.CreateNamespace(context.Background(), t, testCtx) finalizers, err := framework.CreateOrUpdatePrometheusOperator(context.Background(), ns, nil, nil, nil, nil, true, true, true) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) for _, f := range finalizers { testCtx.AddFinalizerFn(f) @@ -205,26 +204,13 @@ func TestAllNS(t *testing.T) { })).String()} pl, err := framework.KubeClient.CoreV1().Pods(ns).List(context.Background(), opts) - if err != nil { - t.Fatal(err) - } - if expected := 1; len(pl.Items) != expected { - t.Fatalf("expected %v Prometheus Operator pods, but got %v", expected, len(pl.Items)) - } + require.NoError(t, err) + require.Len(t, pl.Items, 1, "expected %v Prometheus Operator pods, but got %v", 1, len(pl.Items)) restarts, err := framework.GetPodRestartCount(context.Background(), ns, pl.Items[0].GetName()) - if err != nil { - t.Fatalf("failed to retrieve restart count of Prometheus Operator pod: %v", err) - } - if len(restarts) != 1 { - t.Fatalf("expected to have 1 container but got %d", len(restarts)) - } + require.NoError(t, err) + require.Len(t, restarts, 1) for _, restart := range restarts { - if restart != 0 { - t.Fatalf( - "expected Prometheus Operator to never restart during entire test execution but got %d restarts", - restart, - ) - } + require.Equal(t, int32(0), restart, "expected Prometheus Operator to never restart during entire test execution but got %d restarts", restart) } } @@ -235,7 +221,7 @@ func testAllNSAlertmanager(t *testing.T) { "AlertmanagerCRD": testAlertmanagerCRDValidation, "AMCreateDeleteCluster": testAMCreateDeleteCluster, "AMWithStatefulsetCreationFailure": testAlertmanagerWithStatefulsetCreationFailure, - "AMScaling": testAMScaling, + "AMScalingReplicas": testAMScalingReplicas, "AMVersionMigration": testAMVersionMigration, "AMStorageUpdate": testAMStorageUpdate, "AMExposingWithKubernetesAPI": testAMExposingWithKubernetesAPI, @@ -253,6 +239,7 @@ func testAllNSAlertmanager(t *testing.T) { "AMMinReadySeconds": testAlertManagerMinReadySeconds, "AMWeb": testAMWeb, "AMTemplateReloadConfig": testAMTmplateReloadConfig, + "AMStatusScale": testAlertmanagerStatusScale, } for name, f := range testFuncs { @@ -316,6 +303,7 @@ func testAllNSPrometheus(t *testing.T) { "PrometheusAgentCheckStorageClass": testAgentCheckStorageClass, "PrometheusAgentStatusScale": testPrometheusAgentStatusScale, "PrometheusStatusScale": testPrometheusStatusScale, + "ScrapeConfigCRDValidations": testScrapeConfigCRDValidations, } for name, f := range testFuncs { @@ -420,7 +408,11 @@ const ( func TestGatedFeatures(t *testing.T) { skipFeatureGatedTests(t) testFuncs := map[string]func(t *testing.T){ - // To be added. + "CreatePrometheusAgentDaemonSet": testCreatePrometheusAgentDaemonSet, + "PromAgentDaemonSetResourceUpdate": testPromAgentDaemonSetResourceUpdate, + "PromAgentReconcileDaemonSetResourceUpdate": testPromAgentReconcileDaemonSetResourceUpdate, + "PromAgentReconcileDaemonSetResourceDelete": testPromAgentReconcileDaemonSetResourceDelete, + "PrometheusAgentDaemonSetSelectPodMonitor": testPrometheusAgentDaemonSetSelectPodMonitor, } for name, f := range testFuncs { @@ -438,9 +430,7 @@ func TestPrometheusVersionUpgrade(t *testing.T) { ns := framework.CreateNamespace(context.Background(), t, testCtx) finalizers, err := framework.CreateOrUpdatePrometheusOperator(context.Background(), ns, nil, nil, nil, nil, true, true, true) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) for _, f := range finalizers { testCtx.AddFinalizerFn(f) @@ -452,15 +442,44 @@ func TestPrometheusVersionUpgrade(t *testing.T) { func testServerTLS(ctx context.Context, namespace string) func(t *testing.T) { return func(t *testing.T) { skipPrometheusTests(t) - if err := framework.WaitForServiceReady(context.Background(), namespace, prometheusOperatorServiceName); err != nil { - t.Fatal("waiting for prometheus operator service: ", err) - } + err := framework.WaitForServiceReady(context.Background(), namespace, prometheusOperatorServiceName) + require.NoError(t, err) operatorService := framework.KubeClient.CoreV1().Services(namespace) request := operatorService.ProxyGet("https", prometheusOperatorServiceName, "https", "/healthz", make(map[string]string)) - _, err := request.DoRaw(ctx) - if err != nil { - t.Fatal(err) + _, err = request.DoRaw(ctx) + require.NoError(t, err) + } +} + +// TestIsManagedByController test prometheus operator managing object with correct ControlerID. +func testMultipleOperators(testCtx *operatorFramework.TestCtx) func(t *testing.T) { + return func(t *testing.T) { + skipPrometheusTests(t) + + ns := framework.CreateNamespace(context.Background(), t, testCtx) + // Create operator-2 in a new ns and set controller-id. + finalizers, err := framework.CreateOrUpdatePrometheusOperatorWithOpts(context.Background(), + operatorFramework.PrometheusOperatorOpts{ + Namespace: ns, + ClusterRoleBindings: true, + EnableScrapeConfigs: true, + AdditionalArgs: []string{testControllerID}, + }) + require.NoError(t, err) + + for _, f := range finalizers { + testCtx.AddFinalizerFn(f) + } + + testFuncs := map[string]func(t *testing.T){ + "PrometheusServer": testMultipleOperatorsPrometheusServer, + "PrometheusAgent": testMultipleOperatorsPrometheusAgent, + "AlertManager": testMultipleOperatorsAlertManager, + "ThanosRuler": testMultipleOperatorsThanosRuler, + } + for name, f := range testFuncs { + t.Run(name, f) } } } diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go index eea8a5b4f1a..c2746d30b27 100644 --- a/test/e2e/prometheus_test.go +++ b/test/e2e/prometheus_test.go @@ -686,6 +686,29 @@ func testPromRemoteWriteWithTLS(t *testing.T) { }, success: true, }, + // Had to change the success flag to True, because prometheus receiver is running in VerifyClientCertIfGiven mode. Details here - https://github.com/prometheus-operator/prometheus-operator/pull/4337#discussion_r735064646 + { + // Prometheus Remote Write v2.0. + name: "remote-write-v2.0", + rwConfig: testFramework.PromRemoteWriteTestConfig{ + ClientKey: testFramework.Key{ + Filename: "client.key", + SecretName: "client-tls-key-cert-ca", + }, + ClientCert: testFramework.Cert{ + Filename: "client.crt", + ResourceName: "client-tls-key-cert-ca", + ResourceType: testFramework.SECRET, + }, + CA: testFramework.Cert{ + Filename: "ca.crt", + ResourceName: "client-tls-key-cert-ca", + ResourceType: testFramework.SECRET, + }, + RemoteWriteMessageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + }, + success: true, + }, } { tc := tc @@ -1553,11 +1576,15 @@ func testPromRulesExceedingConfigMapLimit(t *testing.T) { } defer func() { - if t.Failed() { - if err := framework.PrintPodLogs(context.Background(), ns, "prometheus-"+p.Name+"-0"); err != nil { - t.Fatal(err) - } + if !t.Failed() { + return + } + + b := &bytes.Buffer{} + if err := framework.WritePodLogs(context.Background(), b, ns, "prometheus-"+p.Name+"-0", testFramework.LogOptions{}); err != nil { + t.Logf("failed to get logs: %v", err) } + t.Log(b.String()) }() pSVC := framework.MakePrometheusService(p.Name, "not-relevant", v1.ServiceTypeClusterIP) @@ -2110,41 +2137,58 @@ func testPromWhenDeleteCRDCleanUpViaOwnerRef(t *testing.T) { } func testPromDiscovery(t *testing.T) { - t.Parallel() - testCtx := framework.NewTestCtx(t) - defer testCtx.Cleanup(t) - ns := framework.CreateNamespace(context.Background(), t, testCtx) - framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + for _, tc := range []struct { + role *monitoringv1.ServiceDiscoveryRole + }{ + { + role: nil, + }, + { + role: ptr.To(monitoringv1.EndpointsRole), + }, + { + role: ptr.To(monitoringv1.EndpointSliceRole), + }, + } { + t.Run(fmt.Sprintf("role=%s", ptr.Deref(tc.role, "")), func(t *testing.T) { + t.Parallel() + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) - prometheusName := "test" - group := "servicediscovery-test" - svc := framework.MakePrometheusService(prometheusName, group, v1.ServiceTypeClusterIP) + prometheusName := "test" + group := "servicediscovery-test" + svc := framework.MakePrometheusService(prometheusName, group, v1.ServiceTypeClusterIP) - s := framework.MakeBasicServiceMonitor(group) - if _, err := framework.MonClientV1.ServiceMonitors(ns).Create(context.Background(), s, metav1.CreateOptions{}); err != nil { - t.Fatal("Creating ServiceMonitor failed: ", err) - } + s := framework.MakeBasicServiceMonitor(group) + if _, err := framework.MonClientV1.ServiceMonitors(ns).Create(context.Background(), s, metav1.CreateOptions{}); err != nil { + t.Fatal("Creating ServiceMonitor failed: ", err) + } - p := framework.MakeBasicPrometheus(ns, prometheusName, group, 1) - _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + p := framework.MakeBasicPrometheus(ns, prometheusName, group, 1) + p.Spec.ServiceDiscoveryRole = tc.role + _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) + if err != nil { + t.Fatal(err) + } - if finalizerFn, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, svc); err != nil { - t.Fatal(fmt.Errorf("creating prometheus service failed: %w", err)) - } else { - testCtx.AddFinalizerFn(finalizerFn) - } + if finalizerFn, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, svc); err != nil { + t.Fatal(fmt.Errorf("creating prometheus service failed: %w", err)) + } else { + testCtx.AddFinalizerFn(finalizerFn) + } - _, err = framework.KubeClient.CoreV1().Secrets(ns).Get(context.Background(), fmt.Sprintf("prometheus-%s", prometheusName), metav1.GetOptions{}) - if err != nil { - t.Fatal("Generated Secret could not be retrieved: ", err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Get(context.Background(), fmt.Sprintf("prometheus-%s", prometheusName), metav1.GetOptions{}) + if err != nil { + t.Fatal("Generated Secret could not be retrieved: ", err) + } - err = framework.WaitForDiscoveryWorking(context.Background(), ns, svc.Name, prometheusName) - if err != nil { - t.Fatal(fmt.Errorf("validating Prometheus target discovery failed: %w", err)) + err = framework.WaitForDiscoveryWorking(context.Background(), ns, svc.Name, prometheusName) + if err != nil { + t.Fatal(fmt.Errorf("validating Prometheus target discovery failed: %w", err)) + } + }) } } @@ -2361,52 +2405,66 @@ func testResharding(t *testing.T) { } func testPromAlertmanagerDiscovery(t *testing.T) { - t.Parallel() - testCtx := framework.NewTestCtx(t) - defer testCtx.Cleanup(t) - ns := framework.CreateNamespace(context.Background(), t, testCtx) - framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + for _, tc := range []struct { + sdRole monitoringv1.ServiceDiscoveryRole + }{ + { + sdRole: monitoringv1.EndpointsRole, + }, + { + sdRole: monitoringv1.EndpointSliceRole, + }, + } { + t.Run(string(tc.sdRole), func(t *testing.T) { + t.Parallel() + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) - prometheusName := "test" - alertmanagerName := "test" - group := "servicediscovery-test" - svc := framework.MakePrometheusService(prometheusName, group, v1.ServiceTypeClusterIP) - amsvc := framework.MakeAlertmanagerService(alertmanagerName, group, v1.ServiceTypeClusterIP) + prometheusName := "test" + alertmanagerName := "test" + group := "servicediscovery-test" + svc := framework.MakePrometheusService(prometheusName, group, v1.ServiceTypeClusterIP) + amsvc := framework.MakeAlertmanagerService(alertmanagerName, group, v1.ServiceTypeClusterIP) - p := framework.MakeBasicPrometheus(ns, prometheusName, group, 1) - framework.AddAlertingToPrometheus(p, ns, alertmanagerName) - _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) - if err != nil { - t.Fatal(err) - } + p := framework.MakeBasicPrometheus(ns, prometheusName, group, 1) + framework.AddAlertingToPrometheus(p, ns, alertmanagerName) + p.Spec.ServiceDiscoveryRole = ptr.To(tc.sdRole) + _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, p) + if err != nil { + t.Fatal(err) + } - if finalizerFn, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, svc); err != nil { - t.Fatal(fmt.Errorf("creating Prometheus service failed: %w", err)) - } else { - testCtx.AddFinalizerFn(finalizerFn) - } + if finalizerFn, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, svc); err != nil { + t.Fatal(fmt.Errorf("creating Prometheus service failed: %w", err)) + } else { + testCtx.AddFinalizerFn(finalizerFn) + } - s := framework.MakeBasicServiceMonitor(group) - if _, err := framework.MonClientV1.ServiceMonitors(ns).Create(context.Background(), s, metav1.CreateOptions{}); err != nil { - t.Fatalf("Creating ServiceMonitor failed: %v", err) - } + s := framework.MakeBasicServiceMonitor(group) + if _, err := framework.MonClientV1.ServiceMonitors(ns).Create(context.Background(), s, metav1.CreateOptions{}); err != nil { + t.Fatalf("Creating ServiceMonitor failed: %v", err) + } - _, err = framework.KubeClient.CoreV1().Secrets(ns).Get(context.Background(), fmt.Sprintf("prometheus-%s", prometheusName), metav1.GetOptions{}) - if err != nil { - t.Fatalf("Generated Secret could not be retrieved: %v", err) - } + _, err = framework.KubeClient.CoreV1().Secrets(ns).Get(context.Background(), fmt.Sprintf("prometheus-%s", prometheusName), metav1.GetOptions{}) + if err != nil { + t.Fatalf("Generated Secret could not be retrieved: %v", err) + } - if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), framework.MakeBasicAlertmanager(ns, alertmanagerName, 3)); err != nil { - t.Fatal(err) - } + if _, err := framework.CreateAlertmanagerAndWaitUntilReady(context.Background(), framework.MakeBasicAlertmanager(ns, alertmanagerName, 3)); err != nil { + t.Fatal(err) + } - if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, amsvc); err != nil { - t.Fatal(fmt.Errorf("creating Alertmanager service failed: %w", err)) - } + if _, err := framework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, amsvc); err != nil { + t.Fatal(fmt.Errorf("creating Alertmanager service failed: %w", err)) + } - err = wait.PollUntilContextTimeout(context.Background(), time.Second, 18*time.Minute, false, isAlertmanagerDiscoveryWorking(ns, svc.Name, alertmanagerName)) - if err != nil { - t.Fatal(fmt.Errorf("validating Prometheus Alertmanager discovery failed: %w", err)) + err = wait.PollUntilContextTimeout(context.Background(), time.Second, 5*time.Minute, false, isAlertmanagerDiscoveryWorking(ns, svc.Name, alertmanagerName)) + if err != nil { + t.Fatal(fmt.Errorf("validating Prometheus Alertmanager discovery failed: %w", err)) + } + }) } } @@ -4608,6 +4666,215 @@ func testPrometheusCRDValidation(t *testing.T) { }, expectedError: true, }, + { + name: "valid-dns-policy-and-config", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-policy", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("InvalidPolicy")), + }, + }, + expectedError: true, + }, + // + // Alertmanagers-Endpoints tests + { + name: "no-endpoint-namespace", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + }, + Alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "test", + Port: intstr.FromInt(9797), + Scheme: "https", + PathPrefix: "/alerts", + BearerTokenFile: "/file", + APIVersion: "v1", + }, + }, + }, + }, + expectedError: false, + }, + { + name: "endpoint-namespace", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + }, + Alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Name: "test", + Namespace: ptr.To("default"), + Port: intstr.FromInt(9797), + Scheme: "https", + PathPrefix: "/alerts", + BearerTokenFile: "/file", + APIVersion: "v1", + }, + }, + }, + }, + expectedError: false, + }, + { + name: "no-endpoint-name", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + }, + Alerting: &monitoringv1.AlertingSpec{ + Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ + { + Namespace: ptr.To("default"), + Port: intstr.FromInt(9797), + Scheme: "https", + PathPrefix: "/alerts", + BearerTokenFile: "/file", + APIVersion: "v1", + }, + }, + }, + }, + expectedError: true, + }, + { + name: "valid-remote-write-message-version", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + RemoteWrite: []monitoringv1.RemoteWriteSpec{ + { + URL: "http://example.com", + MessageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion2_0), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-remote-write-message-version", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + RemoteWrite: []monitoringv1.RemoteWriteSpec{ + { + URL: "http://example.com", + MessageVersion: ptr.To(monitoringv1.RemoteWriteMessageVersion("xx")), + }, + }, + }, + }, + expectedError: true, + }, + { + name: "invalid-empty-remote-write-url", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + RemoteWrite: []monitoringv1.RemoteWriteSpec{ + { + URL: "", + }, + }, + }, + }, + expectedError: true, + }, + { + name: "valid-remote-write-receiver-message-versions", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + RemoteWriteReceiverMessageVersions: []monitoringv1.RemoteWriteMessageVersion{ + monitoringv1.RemoteWriteMessageVersion2_0, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-remote-write-receiver-message-versions", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + RemoteWriteReceiverMessageVersions: []monitoringv1.RemoteWriteMessageVersion{ + monitoringv1.RemoteWriteMessageVersion2_0, + monitoringv1.RemoteWriteMessageVersion("xx"), + }, + }, + }, + expectedError: true, + }, } for _, test := range tests { diff --git a/test/e2e/prometheusagent_test.go b/test/e2e/prometheusagent_test.go index dd2dabc48df..cc5571d5022 100644 --- a/test/e2e/prometheusagent_test.go +++ b/test/e2e/prometheusagent_test.go @@ -16,11 +16,19 @@ package e2e import ( "context" + "encoding/json" "fmt" + "io" + "net" + "net/http" + "reflect" + "strings" "testing" "time" "github.com/gogo/protobuf/proto" + "github.com/stretchr/testify/require" + "golang.org/x/exp/slices" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -29,6 +37,8 @@ import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + pa "github.com/prometheus-operator/prometheus-operator/pkg/prometheus/agent" + testFramework "github.com/prometheus-operator/prometheus-operator/test/framework" ) func testCreatePrometheusAgent(t *testing.T) { @@ -43,14 +53,40 @@ func testCreatePrometheusAgent(t *testing.T) { prometheusAgentCRD := framework.MakeBasicPrometheusAgent(ns, name, name, 1) - if _, err := framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, prometheusAgentCRD); err != nil { - t.Fatal(err) - } + _, err := framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, prometheusAgentCRD) + require.NoError(t, err) - if err := framework.DeletePrometheusAgentAndWaitUntilGone(context.Background(), ns, name); err != nil { - t.Fatal(err) - } + err = framework.DeletePrometheusAgentAndWaitUntilGone(context.Background(), ns, name) + require.NoError(t, err) + +} + +func testCreatePrometheusAgentDaemonSet(t *testing.T) { + t.Parallel() + + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ctx := context.Background() + + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + _, err := framework.CreateOrUpdatePrometheusOperatorWithOpts( + ctx, testFramework.PrometheusOperatorOpts{ + Namespace: ns, + AllowedNamespaces: []string{ns}, + EnabledFeatureGates: []string{"PrometheusAgentDaemonSet"}, + }, + ) + require.NoError(t, err) + + name := "test" + prometheusAgentDSCRD := framework.MakeBasicPrometheusAgentDaemonSet(ns, name) + + p, err := framework.CreatePrometheusAgentAndWaitUntilReady(ctx, ns, prometheusAgentDSCRD) + require.NoError(t, err) + err = framework.DeletePrometheusAgentDSAndWaitUntilGone(ctx, p, ns, name) + require.NoError(t, err) } func testAgentAndServerNameColision(t *testing.T) { @@ -66,19 +102,15 @@ func testAgentAndServerNameColision(t *testing.T) { prometheusAgentCRD := framework.MakeBasicPrometheusAgent(ns, name, name, 1) prometheusCRD := framework.MakeBasicPrometheus(ns, name, name, 1) - if _, err := framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, prometheusAgentCRD); err != nil { - t.Fatal(err) - } - if _, err := framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, prometheusCRD); err != nil { - t.Fatal(err) - } + _, err := framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, prometheusAgentCRD) + require.NoError(t, err) + _, err = framework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, prometheusCRD) + require.NoError(t, err) - if err := framework.DeletePrometheusAgentAndWaitUntilGone(context.Background(), ns, name); err != nil { - t.Fatal(err) - } - if err := framework.DeletePrometheusAndWaitUntilGone(context.Background(), ns, name); err != nil { - t.Fatal(err) - } + err = framework.DeletePrometheusAgentAndWaitUntilGone(context.Background(), ns, name) + require.NoError(t, err) + err = framework.DeletePrometheusAndWaitUntilGone(context.Background(), ns, name) + require.NoError(t, err) } @@ -95,9 +127,7 @@ func testAgentCheckStorageClass(t *testing.T) { prometheusAgentCRD := framework.MakeBasicPrometheusAgent(ns, name, name, 1) prometheusAgentCRD, err := framework.CreatePrometheusAgentAndWaitUntilReady(ctx, ns, prometheusAgentCRD) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Invalid storageclass e2e test @@ -122,10 +152,7 @@ func testAgentCheckStorageClass(t *testing.T) { }, }, ) - if err != nil { - t.Fatal(err) - } - + require.NoError(t, err) var loopError error err = wait.PollUntilContextTimeout(ctx, 5*time.Second, framework.DefaultTimeout, true, func(ctx context.Context) (bool, error) { current, err := framework.MonClientV1alpha1.PrometheusAgents(ns).Get(ctx, name, metav1.GetOptions{}) @@ -141,9 +168,7 @@ func testAgentCheckStorageClass(t *testing.T) { return false, nil }) - if err != nil { - t.Fatalf("%v: %v", err, loopError) - } + require.NoError(t, err, "%v: %v", err, loopError) } func testPrometheusAgentStatusScale(t *testing.T) { @@ -160,20 +185,409 @@ func testPrometheusAgentStatusScale(t *testing.T) { pAgent.Spec.CommonPrometheusFields.Shards = proto.Int32(1) pAgent, err := framework.CreatePrometheusAgentAndWaitUntilReady(ctx, ns, pAgent) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if pAgent.Status.Shards != 1 { - t.Fatalf("expected scale of 1 shard, got %d", pAgent.Status.Shards) - } + require.Equal(t, int32(1), pAgent.Status.Shards) pAgent, err = framework.ScalePrometheusAgentAndWaitUntilReady(ctx, name, ns, 2) - if err != nil { - t.Fatal(err) + require.NoError(t, err) + + require.Equal(t, int32(2), pAgent.Status.Shards) +} + +func testPromAgentDaemonSetResourceUpdate(t *testing.T) { + ctx := context.Background() + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + + ns := framework.CreateNamespace(ctx, t, testCtx) + framework.SetupPrometheusRBAC(ctx, t, testCtx, ns) + _, err := framework.CreateOrUpdatePrometheusOperatorWithOpts( + ctx, testFramework.PrometheusOperatorOpts{ + Namespace: ns, + AllowedNamespaces: []string{ns}, + EnabledFeatureGates: []string{"PrometheusAgentDaemonSet"}, + }, + ) + require.NoError(t, err) + + name := "test" + p := framework.MakeBasicPrometheusAgentDaemonSet(ns, name) + + p.Spec.Resources = v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("100Mi"), + }, + } + + p, err = framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, p) + require.NoError(t, err) + + dmsName := fmt.Sprintf("prom-agent-%s", p.Name) + dms, err := framework.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, dmsName, metav1.GetOptions{}) + require.NoError(t, err) + + res := dms.Spec.Template.Spec.Containers[0].Resources + require.Equal(t, res, p.Spec.Resources) + + p, err = framework.PatchPrometheusAgentAndWaitUntilReady( + context.Background(), + p.Name, + ns, + monitoringv1alpha1.PrometheusAgentSpec{ + Mode: ptr.To("DaemonSet"), + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("200Mi"), + }, + }, + }, + }, + ) + require.NoError(t, err) + + var pollErr error + err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 5*time.Minute, false, func(ctx context.Context) (bool, error) { + dms, err = framework.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, dmsName, metav1.GetOptions{}) + if err != nil { + pollErr = fmt.Errorf("failed to get Prometheus Agent DaemonSet: %w", err) + return false, nil + } + + res = dms.Spec.Template.Spec.Containers[0].Resources + if !reflect.DeepEqual(res, p.Spec.Resources) { + pollErr = fmt.Errorf("resources don't match. Has %#+v, want %#+v", res, p.Spec.Resources) + return false, nil + } + + return true, nil + }) + + require.NoError(t, pollErr) + require.NoError(t, err) +} + +func testPromAgentReconcileDaemonSetResourceUpdate(t *testing.T) { + ctx := context.Background() + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + + ns := framework.CreateNamespace(ctx, t, testCtx) + framework.SetupPrometheusRBAC(ctx, t, testCtx, ns) + _, err := framework.CreateOrUpdatePrometheusOperatorWithOpts( + ctx, testFramework.PrometheusOperatorOpts{ + Namespace: ns, + AllowedNamespaces: []string{ns}, + EnabledFeatureGates: []string{"PrometheusAgentDaemonSet"}, + }, + ) + require.NoError(t, err) + + name := "test" + p := framework.MakeBasicPrometheusAgentDaemonSet(ns, name) + + p.Spec.Resources = v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("100Mi"), + }, } - if pAgent.Status.Shards != 2 { - t.Fatalf("expected scale of 2 shards, got %d", pAgent.Status.Shards) + p, err = framework.CreatePrometheusAgentAndWaitUntilReady(context.Background(), ns, p) + require.NoError(t, err) + + dmsName := fmt.Sprintf("prom-agent-%s", p.Name) + dms, err := framework.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, dmsName, metav1.GetOptions{}) + require.NoError(t, err) + + res := dms.Spec.Template.Spec.Containers[0].Resources + require.Equal(t, res, p.Spec.Resources) + + dms.Spec.Template.Spec.Containers[0].Resources = v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("200Mi"), + }, } + framework.KubeClient.AppsV1().DaemonSets(ns).Update(ctx, dms, metav1.UpdateOptions{}) + + var pollErr error + err = wait.PollUntilContextTimeout(context.Background(), 5*time.Second, 5*time.Minute, false, func(ctx context.Context) (bool, error) { + dms, err = framework.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, dmsName, metav1.GetOptions{}) + if err != nil { + pollErr = fmt.Errorf("failed to get Prometheus Agent DaemonSet: %w", err) + return false, nil + } + + res = dms.Spec.Template.Spec.Containers[0].Resources + if !reflect.DeepEqual(res, p.Spec.Resources) { + pollErr = fmt.Errorf("resources don't match. Has %#+v, want %#+v", res, p.Spec.Resources) + return false, nil + } + + return true, nil + }) + + require.NoError(t, pollErr) + require.NoError(t, err) +} + +func testPromAgentReconcileDaemonSetResourceDelete(t *testing.T) { + t.Parallel() + + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ctx := context.Background() + + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + _, err := framework.CreateOrUpdatePrometheusOperatorWithOpts( + ctx, testFramework.PrometheusOperatorOpts{ + Namespace: ns, + AllowedNamespaces: []string{ns}, + EnabledFeatureGates: []string{"PrometheusAgentDaemonSet"}, + }, + ) + require.NoError(t, err) + + name := "test" + prometheusAgentDSCRD := framework.MakeBasicPrometheusAgentDaemonSet(ns, name) + + p, err := framework.CreatePrometheusAgentAndWaitUntilReady(ctx, ns, prometheusAgentDSCRD) + require.NoError(t, err) + + dmsName := fmt.Sprintf("prom-agent-%s", p.Name) + framework.KubeClient.AppsV1().DaemonSets(ns).Delete(ctx, dmsName, metav1.DeleteOptions{}) + + err = framework.WaitForPrometheusAgentDSReady(ctx, ns, prometheusAgentDSCRD) + require.NoError(t, err) +} + +func testPrometheusAgentDaemonSetSelectPodMonitor(t *testing.T) { + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ctx := context.Background() + name := "test" + + ns := framework.CreateNamespace(context.Background(), t, testCtx) + framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) + _, err := framework.CreateOrUpdatePrometheusOperatorWithOpts( + ctx, testFramework.PrometheusOperatorOpts{ + Namespace: ns, + AllowedNamespaces: []string{ns}, + EnabledFeatureGates: []string{"PrometheusAgentDaemonSet"}, + }, + ) + require.NoError(t, err) + + app, err := testFramework.MakeDeployment("../../test/framework/resources/basic-app-for-daemonset-test.yaml") + require.NoError(t, err) + + err = framework.CreateDeployment(ctx, ns, app) + require.NoError(t, err) + + pm := framework.MakeBasicPodMonitor(name) + _, err = framework.MonClientV1.PodMonitors(ns).Create(ctx, pm, metav1.CreateOptions{}) + require.NoError(t, err) + + prometheusAgentDS := framework.MakeBasicPrometheusAgentDaemonSet(ns, name) + _, err = framework.CreatePrometheusAgentAndWaitUntilReady(ctx, ns, prometheusAgentDS) + require.NoError(t, err) + + var pollErr error + var paPods *v1.PodList + var firstTargetIP string + var secondTargetIP string + + appPodsNodes := make([]string, 0, 2) + appPodsIPs := make([]string, 0, 2) + paPodsNodes := make([]string, 0, 2) + + cfg := framework.RestConfig + httpClient := http.Client{} + + err = wait.PollUntilContextTimeout(context.Background(), 15*time.Second, 15*time.Minute, false, func(_ context.Context) (bool, error) { + ctx := context.Background() + + appPods, err := framework.KubeClient.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{ + LabelSelector: "group=test", + }) + if err != nil { + pollErr = fmt.Errorf("can't list app pods: %w", err) + return false, nil + } + + for _, pod := range appPods.Items { + appPodsNodes = append(appPodsNodes, pod.Spec.NodeName) + appPodsIPs = append(appPodsIPs, pod.Status.PodIP) + } + + paPods, err = framework.KubeClient.CoreV1().Pods(ns).List(ctx, pa.ListOptions(name)) + if err != nil { + pollErr = fmt.Errorf("can't list prometheus agent pods: %w", err) + return false, nil + } + + for _, pod := range paPods.Items { + paPodsNodes = append(paPodsNodes, pod.Spec.NodeName) + } + + if len(appPodsNodes) != len(paPodsNodes) { + pollErr = fmt.Errorf("got %d application pods and %d prometheus-agent pods", len(appPodsNodes), len(paPodsNodes)) + return false, nil + } + for _, n := range appPodsNodes { + if !slices.Contains(paPodsNodes, n) { + pollErr = fmt.Errorf("no prometheus-agent pod found on node %s", n) + return false, nil + } + } + + ctx, cancel := context.WithTimeout(ctx, 10*time.Minute) + defer cancel() + + closer, err := testFramework.StartPortForward(ctx, cfg, "https", paPods.Items[0].Name, ns, "9090") + if err != nil { + pollErr = fmt.Errorf("can't start port forward to first prometheus agent pod: %w", err) + return false, nil + } + defer closer() + + req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost:9090/api/v1/targets", nil) + if err != nil { + pollErr = fmt.Errorf("can't create http request to first prometheus server: %w", err) + return false, nil + } + + resp, err := httpClient.Do(req) + if err != nil { + pollErr = fmt.Errorf("can't send http request to first prometheus server: %w", err) + return false, nil + } + + body, err := io.ReadAll(resp.Body) + if err != nil { + pollErr = fmt.Errorf("can't read http response from first prometheus server: %w", err) + return false, nil + } + + var targetsResponse TargetsResponse + err = json.Unmarshal(body, &targetsResponse) + if err != nil { + pollErr = fmt.Errorf("can't unmarshall target's http response from first prometheus server: %w", err) + return false, nil + } + if len(targetsResponse.Data.ActiveTargets) != 1 { + pollErr = fmt.Errorf("expect 1 target from first prometheus agent. Actual target's response: %#+v", targetsResponse) + return false, nil + } + + target := targetsResponse.Data.ActiveTargets[0] + instance := target.Labels.Instance + host := strings.Split(instance, ":")[0] + ips, err := net.LookupHost(host) + if err != nil { + pollErr = fmt.Errorf("can't find IPs from first target's host: %w", err) + return false, nil + } + + found := false + for _, ip := range ips { + if slices.Contains(appPodsIPs, ip) { + found = true + firstTargetIP = ip + } + } + if found == false { + pollErr = fmt.Errorf("first target IP not found in app's list of pod IPs. Target's IP: %#+v, app's pod IPs: %#+v", ips, appPodsIPs) + return false, nil + } + + return true, nil + }) + require.NoError(t, pollErr) + require.NoError(t, err) + + err = wait.PollUntilContextTimeout(context.Background(), 15*time.Second, 15*time.Minute, false, func(_ context.Context) (bool, error) { + ctx := context.Background() + + ctx, cancel := context.WithTimeout(ctx, 10*time.Minute) + defer cancel() + + closer, err := testFramework.StartPortForward(ctx, cfg, "https", paPods.Items[1].Name, ns, "9090") + if err != nil { + pollErr = fmt.Errorf("can't start port forward to second prometheus agent pod: %w", err) + return false, nil + } + defer closer() + + req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost:9090/api/v1/targets", nil) + if err != nil { + pollErr = fmt.Errorf("can't create http request to second prometheus server: %w", err) + return false, nil + } + + resp, err := httpClient.Do(req) + if err != nil { + pollErr = fmt.Errorf("can't send http request to second prometheus server: %w", err) + return false, nil + } + + body, err := io.ReadAll(resp.Body) + if err != nil { + pollErr = fmt.Errorf("can't read http response from second prometheus server: %w", err) + return false, nil + } + + var targetsResponse TargetsResponse + err = json.Unmarshal(body, &targetsResponse) + if err != nil { + pollErr = fmt.Errorf("can't unmarshall target's http response from second prometheus server: %w", err) + return false, nil + } + if len(targetsResponse.Data.ActiveTargets) != 1 { + pollErr = fmt.Errorf("expect 1 target from second prometheus agent. Actual target's response: %#+v", targetsResponse) + return false, nil + } + + target := targetsResponse.Data.ActiveTargets[0] + instance := target.Labels.Instance + host := strings.Split(instance, ":")[0] + ips, err := net.LookupHost(host) + if err != nil { + pollErr = fmt.Errorf("can't find IPs from second target's host: %w", err) + return false, nil + } + + found := false + for _, ip := range ips { + if slices.Contains(appPodsIPs, ip) { + found = true + secondTargetIP = ip + } + } + if found == false { + pollErr = fmt.Errorf("second target IP not found in app's list of pod IPs. Target's IP: %#+v, app's pod IPs: %#+v", ips, appPodsIPs) + return false, nil + } + + return true, nil + }) + + require.NoError(t, pollErr) + require.NoError(t, err) + + require.NotEqual(t, firstTargetIP, secondTargetIP) +} + +type Target struct { + Labels struct { + Instance string `json:"instance"` + } `json:"labels"` +} + +type TargetsResponse struct { + Status string `json:"status"` + Data struct { + ActiveTargets []Target `json:"activeTargets"` + } `json:"data"` } diff --git a/test/e2e/scrapeconfig_test.go b/test/e2e/scrapeconfig_test.go index 9f57df5df8f..21b218e7e04 100644 --- a/test/e2e/scrapeconfig_test.go +++ b/test/e2e/scrapeconfig_test.go @@ -52,7 +52,7 @@ func testScrapeConfigCreation(t *testing.T) { StaticConfigs: []monitoringv1alpha1.StaticConfig{ { Targets: []monitoringv1alpha1.Target{"target1:9090", "target2:9090"}, - Labels: map[monitoringv1.LabelName]string{ + Labels: map[string]string{ "label1": "value1", "label2": "value2", }, @@ -90,7 +90,13 @@ func testScrapeConfigCreation(t *testing.T) { spec: monitoringv1alpha1.ScrapeConfigSpec{ KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Label: ptr.To("component=executor"), + }, + }, }, }, }, @@ -104,11 +110,85 @@ func testScrapeConfigCreation(t *testing.T) { "demo.do.prometheus.io", }, RefreshInterval: &fiveMins, - Type: ptr.To("A"), - Port: ptr.To(9090), + Type: ptr.To(monitoringv1alpha1.DNSRecordType("A")), + Port: ptr.To(int32(9100)), + }, + }, + }, + }, + { + name: "invalid-dns-sd-config-with-empty-name", + spec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{""}, + RefreshInterval: &fiveMins, + Type: ptr.To(monitoringv1alpha1.DNSRecordType("A")), + Port: ptr.To(int32(9100)), + }, + }, + }, + expectedError: true, + }, + { + name: "invalid-scaleway-sd-config-with-empty-tagfilter", + spec: monitoringv1alpha1.ScrapeConfigSpec{ + ScalewaySDConfigs: []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "ak", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key.pem", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + TagsFilter: []string{}, // empty + }, + }, + }, + expectedError: true, + }, + { + name: "invalid-scaleway-sd-config-with-empty-string-tagfilter", + spec: monitoringv1alpha1.ScrapeConfigSpec{ + ScalewaySDConfigs: []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "ak", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key.pem", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + TagsFilter: []string{""}, + }, + }, + }, + expectedError: true, + }, + { + name: "invalid-scaleway-sd-config-tagfilter-items-repeat", + spec: monitoringv1alpha1.ScrapeConfigSpec{ + ScalewaySDConfigs: []monitoringv1alpha1.ScalewaySDConfig{ + { + AccessKey: "ak", + SecretKey: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key.pem", + }, + ProjectID: "1", + Role: monitoringv1alpha1.ScalewayRoleInstance, + TagsFilter: []string{"do", "do"}, // repeat }, }, }, + expectedError: true, }, { name: "invalid-sd-config", @@ -279,7 +359,8 @@ func testScrapeConfigLifecycleInDifferentNS(t *testing.T) { // 1. Create a ScrapeConfig in scns and check that its targets appear in Prometheus sc := framework.MakeBasicScrapeConfig(scns, "scrape-config") sc.ObjectMeta.Labels = map[string]string{ - "group": "sc"} + "group": "sc", + } sc.Spec.StaticConfigs = []monitoringv1alpha1.StaticConfig{ { @@ -417,7 +498,7 @@ func testScrapeConfigKubernetesNodeRole(t *testing.T) { sc.Spec.KubernetesSDConfigs = []monitoringv1alpha1.KubernetesSDConfig{ { - Role: monitoringv1alpha1.Role("Node"), + Role: monitoringv1alpha1.KubernetesRoleNode, }, } _, err = framework.CreateScrapeConfig(context.Background(), ns, sc) @@ -462,8 +543,8 @@ func testScrapeConfigDNSSDConfig(t *testing.T) { sc.Spec.DNSSDConfigs = []monitoringv1alpha1.DNSSDConfig{ { Names: []string{"node.demo.do.prometheus.io"}, - Type: ptr.To("A"), - Port: ptr.To(9100), + Type: ptr.To(monitoringv1alpha1.DNSRecordType("A")), + Port: ptr.To(int32(9100)), }, } _, err = framework.CreateScrapeConfig(context.Background(), ns, sc) @@ -479,9 +560,8 @@ func testScrapeConfigDNSSDConfig(t *testing.T) { require.NoError(t, err) // Check that the targets appear in Prometheus and does proper scrapping - if err := framework.WaitForHealthyTargets(context.Background(), ns, "prometheus-operated", 1); err != nil { - t.Fatal(err) - } + err = framework.WaitForHealthyTargets(context.Background(), ns, "prometheus-operated", 1) + require.NoError(t, err) // Remove the ScrapeConfig err = framework.DeleteScrapeConfig(context.Background(), ns, "scrape-config") @@ -491,3 +571,1044 @@ func testScrapeConfigDNSSDConfig(t *testing.T) { err = framework.WaitForActiveTargets(context.Background(), ns, "prometheus-operated", 0) require.NoError(t, err) } + +type scrapeCRDTestCase struct { + name string + scrapeConfigSpec monitoringv1alpha1.ScrapeConfigSpec + expectedError bool +} + +func testScrapeConfigCRDValidations(t *testing.T) { + t.Parallel() + t.Run("ScrapeConfig", func(t *testing.T) { + runScrapeConfigCRDValidation(t, ScrapeConfigCRDTestCases) + }) + t.Run("KubernetesSD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, K8STestCases) + }) + t.Run("DNSSD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, DNSSDTestCases) + }) + t.Run("EC2SD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, EC2SDTestCases) + }) + t.Run("StaticConfig", func(t *testing.T) { + runScrapeConfigCRDValidation(t, staticConfigTestCases) + }) + t.Run("FileSD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, FileSDTestCases) + }) + t.Run("HTTPSD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, HTTPSDTestCases) + }) + t.Run("IonosSD", func(t *testing.T) { + runScrapeConfigCRDValidation(t, IonosSDTestCases) + }) +} + +func runScrapeConfigCRDValidation(t *testing.T, testCases []scrapeCRDTestCase) { + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + t.Parallel() + testCtx := framework.NewTestCtx(t) + defer testCtx.Cleanup(t) + ns := framework.CreateNamespace(context.Background(), t, testCtx) + sc := &monitoringv1alpha1.ScrapeConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: ns, + Annotations: map[string]string{}, + }, + Spec: test.scrapeConfigSpec, + } + + _, err := framework.MonClientV1alpha1.ScrapeConfigs(ns).Create(context.Background(), sc, metav1.CreateOptions{}) + if test.expectedError { + require.True(t, apierrors.IsInvalid(err)) + return + } + + require.NoError(t, err) + }) + } +} + +var HTTPSDTestCases = []scrapeCRDTestCase{ + { + name: "Invalid URL", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "valid-server", + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid empty URL", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "", + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid absent URL", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + {}, + }, + }, + expectedError: true, + }, + { + name: "Valid URL with http scheme", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "http://valid.test", + }, + }, + }, + expectedError: false, + }, + { + name: "Valid URL with https scheme", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + HTTPSDConfigs: []monitoringv1alpha1.HTTPSDConfig{ + { + URL: "https://valid-url", + }, + }, + }, + expectedError: false, + }, +} + +var K8STestCases = []scrapeCRDTestCase{ + { + name: "APIServer with empty value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "EndpointSlice", + APIServer: ptr.To(""), + }, + }, + }, + expectedError: true, + }, + { + name: "Missing required Role", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + // Role is missing + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid Role", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Wrong", + }, + }, + }, + expectedError: true, + }, + { + name: "Valid Role with empty APIServer", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + APIServer: nil, + }, + }, + }, + expectedError: false, + }, + { + name: "Namespace discovery with valid namespace", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{Names: []string{"default"}}, + }, + }, + }, + expectedError: false, + }, + { + name: "Selector Role missing", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + // Role is missing + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "Selector Role valid", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Selector Label with empty value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Label: ptr.To(""), + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "Selector Label with valid value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Label: ptr.To("node.kubernetes.io/instance-type=master"), + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Selector Field with empty value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Field: ptr.To(""), + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "Selector Field with valid value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Field: ptr.To("metadata.name=foobar"), + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Selector Field with valid value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Field: ptr.To("metadata.name=foobar"), + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Selector Label and Field with duplicate values", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Selectors: []monitoringv1alpha1.K8SSelectorConfig{ + { + Role: "Pod", + Label: ptr.To("node.kubernetes.io/instance-type=master"), + Field: ptr.To("metadata.name=foobar"), + }, + { + Role: "Pod", + Label: ptr.To("node.kubernetes.io/instance-type=master"), + Field: ptr.To("metadata.name=foobar"), + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "IncludeOwnNamespace set to true", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + IncludeOwnNamespace: ptr.To(true), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "IncludeOwnNamespace set to false with empty Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + IncludeOwnNamespace: ptr.To(false), + Names: []string{}, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "IncludeOwnNamespace unset with empty Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + Names: []string{}, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Names with valid namespaces", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + Names: []string{"default", "kube-system"}, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "IncludeOwnNamespace set to true with valid Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + IncludeOwnNamespace: ptr.To(true), + Names: []string{"default", "kube-system"}, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "IncludeOwnNamespace set to true with repeated Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + KubernetesSDConfigs: []monitoringv1alpha1.KubernetesSDConfig{ + { + Role: "Pod", + Namespaces: &monitoringv1alpha1.NamespaceDiscovery{ + IncludeOwnNamespace: ptr.To(true), + Names: []string{"default", "default"}, + }, + }, + }, + }, + expectedError: true, + }, +} + +var DNSSDTestCases = []scrapeCRDTestCase{ + { + name: "Valid Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1", "test2"}, + }, + }, + }, + expectedError: false, + }, + { + name: "Missing Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + {}, + }, + }, + expectedError: true, + }, + { + name: "Empty Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{}, + }, + }, + }, + expectedError: true, + }, + { + name: "Empty string in Names", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{""}, + }, + }, + }, + expectedError: true, + }, + { + name: "Valid Record Type A", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeA), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Record Type AAAA", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeAAAA), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Record Type MX", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeMX), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Record Type NS", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeNS), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Record Type SRV", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordTypeSRV), + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid Record Type", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Type: ptr.To(monitoringv1alpha1.DNSRecordType("WRONG")), + }, + }, + }, + expectedError: true, + }, + { + name: "Valid Port Number", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Port: ptr.To(int32(8080)), + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid Port Number", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + Port: ptr.To(int32(80809)), + }, + }, + }, + expectedError: true, + }, + { + name: "Valid RefreshInterval", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + RefreshInterval: ptr.To(monitoringv1.Duration("30s")), + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid RefreshInterval", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + DNSSDConfigs: []monitoringv1alpha1.DNSSDConfig{ + { + Names: []string{"test1"}, + RefreshInterval: ptr.To(monitoringv1.Duration("30g")), + }, + }, + }, + expectedError: true, + }, +} + +var EC2SDTestCases = []scrapeCRDTestCase{ + { + name: "Valid AWS Region", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-west"), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Absent AWS Region", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + {}, + }, + }, + expectedError: false, + }, + { + name: "Invalid AWS Region", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To(""), + }, + }, + }, + expectedError: true, + }, + { + name: "Valid AWS RoleARN", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + RoleARN: ptr.To("valid-role"), + }, + }, + }, + expectedError: false, + }, + { + name: "Valid Absent AWS RoleARN", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + {}, + }, + }, + expectedError: false, + }, + { + name: "Invalid AWS RoleARN", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + RoleARN: ptr.To(""), + }, + }, + }, + expectedError: true, + }, + { + name: "Valid Port Number", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Port: ptr.To(int32(8080)), + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid Port Number", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Port: ptr.To(int32(80809)), + }, + }, + }, + expectedError: true, + }, + { + name: "Valid Filters", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-west"), + Filters: []monitoringv1alpha1.Filter{ + { + Name: "foo", + Values: []string{"bar"}, + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid Filters with repeat value items", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-west"), + Filters: []monitoringv1alpha1.Filter{ + { + Name: "foo", + Values: []string{"bar", "bar"}, + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid Filters with empty values", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-west"), + Filters: []monitoringv1alpha1.Filter{ + { + Name: "foo", + Values: []string{}, + }, + }, + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid Filters with empty string values", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + EC2SDConfigs: []monitoringv1alpha1.EC2SDConfig{ + { + Region: ptr.To("us-west"), + Filters: []monitoringv1alpha1.Filter{ + { + Name: "foo", + Values: []string{""}, + }, + }, + }, + }, + }, + expectedError: true, + }, +} + +var ScrapeConfigCRDTestCases = []scrapeCRDTestCase{ + { + name: "JobName: Not Specified", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{}, + expectedError: false, + }, + { + name: "JobName: Empty String", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + JobName: ptr.To(""), + }, + expectedError: true, + }, + { + name: "JobName: Valid Value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + JobName: ptr.To("validJob"), + }, + expectedError: false, + }, + { + name: "Scheme: Not Specified", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{}, + expectedError: false, + }, + { + name: "Scheme: Invalid Value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + Scheme: ptr.To("FTP"), + }, + expectedError: true, + }, + { + name: "Scheme: Valid Value HTTP", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + Scheme: ptr.To("HTTP"), + }, + expectedError: false, + }, + { + name: "Scheme: Valid Value HTTPS", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + Scheme: ptr.To("HTTPS"), + }, + expectedError: false, + }, + { + name: "ScrapeClassName: Not Specified", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{}, + expectedError: false, + }, + { + name: "ScrapeClassName: Empty String", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeClassName: ptr.To(""), + }, + expectedError: true, + }, + { + name: "ScrapeClassName: Valid Value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeClassName: ptr.To("default"), + }, + expectedError: false, + }, + { + name: "ScrapeProtocols: Not Specified", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{}, + expectedError: false, + }, + { + name: "ScrapeProtocols: Single Valid Protocol", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "PrometheusProto", + }, + }, + expectedError: false, + }, + { + name: "ScrapeProtocols: Multiple Valid Protocols", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + }, + }, + expectedError: false, + }, + { + name: "ScrapeProtocols: Invalid Protocol", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "InvalidProtocol", + }, + }, + expectedError: true, + }, + { + name: "ScrapeProtocols: Mixed Valid and Invalid Protocols", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "PrometheusText0.0.4", + "InvalidProtocol", + }, + }, + expectedError: true, + }, + { + name: "ScrapeProtocols: Empty List", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{}, + }, + expectedError: false, + }, + { + name: "ScrapeProtocols: Duplicate Valid Protocols", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "OpenMetricsText0.0.1", + "OpenMetricsText0.0.1", + }, + }, + expectedError: true, + }, + { + name: "ScrapeProtocols: All Valid Protocols", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + ScrapeProtocols: []monitoringv1.ScrapeProtocol{ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + }, + }, + expectedError: false, + }, +} + +var staticConfigTestCases = []scrapeCRDTestCase{ + { + name: "Valid targets", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + + StaticConfigs: []monitoringv1alpha1.StaticConfig{ + { + Targets: []monitoringv1alpha1.Target{"1.1.1.1:9090", "0.0.0.0:9090"}, + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid absent targets", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + + StaticConfigs: []monitoringv1alpha1.StaticConfig{ + {}, + }, + }, + expectedError: true, + }, + { + name: "Invalid duplicate targets", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + + StaticConfigs: []monitoringv1alpha1.StaticConfig{ + { + Targets: []monitoringv1alpha1.Target{"1.1.1.1:9090", "1.1.1.1:9090"}, + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid empty targets", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + + StaticConfigs: []monitoringv1alpha1.StaticConfig{ + { + Targets: []monitoringv1alpha1.Target{}, + }, + }, + }, + expectedError: true, + }, + { + name: "Valid labels", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + + StaticConfigs: []monitoringv1alpha1.StaticConfig{ + { + Targets: []monitoringv1alpha1.Target{"1.1.1.1:9090", "0.0.0.0:9090"}, + Labels: map[string]string{"owned-by": "prometheus"}, + }, + }, + }, + expectedError: false, + }, +} + +var FileSDTestCases = []scrapeCRDTestCase{ + { + name: "Valid files list", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + FileSDConfigs: []monitoringv1alpha1.FileSDConfig{ + { + Files: []monitoringv1alpha1.SDFile{"config.yml", "config.yaml"}, + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid duplicate files list", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + FileSDConfigs: []monitoringv1alpha1.FileSDConfig{ + { + Files: []monitoringv1alpha1.SDFile{"config.yml", "config.yml"}, + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid absent files list", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + FileSDConfigs: []monitoringv1alpha1.FileSDConfig{ + {}, + }, + }, + expectedError: true, + }, + { + name: "Invalid empty files list", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + FileSDConfigs: []monitoringv1alpha1.FileSDConfig{ + { + Files: []monitoringv1alpha1.SDFile{}, + }, + }, + }, + expectedError: true, + }, +} + +var IonosSDTestCases = []scrapeCRDTestCase{ + { + name: "Valid DataCeneterID", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid empty DataCenterID", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "", + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid missing DataCenterID", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + {}, + }, + }, + expectedError: true, + }, + { + name: "Valid Port number", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + Port: ptr.To(int32(8080)), + }, + }, + }, + expectedError: false, + }, + { + name: "Invalid Port number exceeeding the maximum value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + Port: ptr.To(int32(65536)), // maximum Port number = 65535 + }, + }, + }, + expectedError: true, + }, + { + name: "Invalid Port number below the minimum value", + scrapeConfigSpec: monitoringv1alpha1.ScrapeConfigSpec{ + IonosSDConfigs: []monitoringv1alpha1.IonosSDConfig{ + { + DataCenterID: "11111111-1111-1111-1111-111111111111", + Port: ptr.To(int32(-1)), // minimum Port number = 0 + }, + }, + }, + expectedError: true, + }, +} diff --git a/test/e2e/upgradepath_test.go b/test/e2e/upgradepath_test.go index 05681602627..af6074760c6 100644 --- a/test/e2e/upgradepath_test.go +++ b/test/e2e/upgradepath_test.go @@ -20,6 +20,7 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -32,15 +33,11 @@ func testOperatorUpgrade(t *testing.T) { // Delete cluster wide resources to make sure the environment is clean err := framework.DeletePrometheusOperatorClusterResource(context.Background()) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Create Prometheus Operator with previous stable minor version _, err = previousVersionFramework.CreateOrUpdatePrometheusOperator(context.Background(), ns, nil, nil, nil, nil, true, true, false) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) name := "operator-upgrade" @@ -124,43 +121,29 @@ func testOperatorUpgrade(t *testing.T) { alertmanager := previousVersionFramework.MakeBasicAlertmanager(ns, name, 1) _, err = previousVersionFramework.CreateAlertmanagerAndWaitUntilReady(context.Background(), alertmanager) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = previousVersionFramework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, &alertmanagerService) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) previousVersionFramework.SetupPrometheusRBAC(context.Background(), t, nil, ns) prometheus := previousVersionFramework.MakeBasicPrometheus(ns, name, name, 1) _, err = previousVersionFramework.CreatePrometheusAndWaitUntilReady(context.Background(), ns, previousVersionFramework.MakeBasicPrometheus(ns, name, name, 1)) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = previousVersionFramework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, &prometheusService) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) thanosRuler := previousVersionFramework.MakeBasicThanosRuler(name, 1, "http://test.example.com") _, err = previousVersionFramework.CreateThanosRulerAndWaitUntilReady(context.Background(), ns, thanosRuler) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = previousVersionFramework.CreateOrUpdateServiceAndWaitUntilReady(context.Background(), ns, &thanosRulerService) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) framework.SetupPrometheusRBAC(context.Background(), t, testCtx, ns) // Update Prometheus Operator to current version finalizers, err := framework.CreateOrUpdatePrometheusOperator(context.Background(), ns, nil, nil, nil, nil, true, true, true) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) for _, f := range finalizers { testCtx.AddFinalizerFn(f) } @@ -168,30 +151,18 @@ func testOperatorUpgrade(t *testing.T) { // Wait for the updated Prometheus Operator to take effect on Alertmanager, Prometheus, and ThanosRuler. time.Sleep(time.Minute) - err = framework.WaitForAlertmanagerReady(context.Background(), alertmanager) - if err != nil { - t.Fatal(err) - } + _, err = framework.WaitForAlertmanagerReady(context.Background(), alertmanager) + require.NoError(t, err) err = framework.WaitForServiceReady(context.Background(), ns, alertmanagerService.Name) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) _, err = framework.WaitForPrometheusReady(context.Background(), prometheus, 5*time.Minute) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) err = framework.WaitForServiceReady(context.Background(), ns, prometheusService.Name) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) err = framework.WaitForThanosRulerReady(context.Background(), ns, thanosRuler, 5*time.Minute) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) err = framework.WaitForServiceReady(context.Background(), ns, thanosRulerService.Name) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } diff --git a/test/framework/alertmanager.go b/test/framework/alertmanager.go index 7e10e4c93f2..7f65f203866 100644 --- a/test/framework/alertmanager.go +++ b/test/framework/alertmanager.go @@ -200,20 +200,27 @@ func (f *Framework) CreateAlertmanagerAndWaitUntilReady(ctx context.Context, a * return nil, fmt.Errorf("creating alertmanager %v failed: %w", a.Name, err) } - return a, f.WaitForAlertmanagerReady(ctx, a) + a, err = f.WaitForAlertmanagerReady(ctx, a) + if err != nil { + return nil, fmt.Errorf("failed to patch Alertmanager %s/%s: %w", ns, name, err) + } + + return a, nil } // WaitForAlertmanagerReady waits for each individual pod as well as the // cluster as a whole to be ready. -func (f *Framework) WaitForAlertmanagerReady(ctx context.Context, a *monitoringv1.Alertmanager) error { +func (f *Framework) WaitForAlertmanagerReady(ctx context.Context, a *monitoringv1.Alertmanager) (*monitoringv1.Alertmanager, error) { replicas := int(*a.Spec.Replicas) + var current *monitoringv1.Alertmanager + var getErr error if err := f.WaitForResourceAvailable( ctx, func(context.Context) (resourceStatus, error) { - current, err := f.MonClientV1.Alertmanagers(a.Namespace).Get(ctx, a.Name, metav1.GetOptions{}) - if err != nil { - return resourceStatus{}, err + current, getErr = f.MonClientV1.Alertmanagers(a.Namespace).Get(ctx, a.Name, metav1.GetOptions{}) + if getErr != nil { + return resourceStatus{}, getErr } return resourceStatus{ expectedReplicas: int32(replicas), @@ -224,7 +231,7 @@ func (f *Framework) WaitForAlertmanagerReady(ctx context.Context, a *monitoringv }, 5*time.Minute, ); err != nil { - return fmt.Errorf("alertmanager %v/%v failed to become available: %w", a.Namespace, a.Name, err) + return nil, fmt.Errorf("alertmanager %v/%v failed to become available: %w", a.Namespace, a.Name, err) } // Check that all pods report the expected number of peers. @@ -233,14 +240,14 @@ func (f *Framework) WaitForAlertmanagerReady(ctx context.Context, a *monitoringv for i := 0; i < replicas; i++ { name := fmt.Sprintf("alertmanager-%v-%v", a.Name, strconv.Itoa(i)) if err := f.WaitForAlertmanagerPodInitialized(ctx, a.Namespace, name, replicas, a.Spec.ForceEnableClusterMode, isAMHTTPS); err != nil { - return fmt.Errorf( + return nil, fmt.Errorf( "failed to wait for an Alertmanager cluster (%s) with %d instances to become ready: %w", name, replicas, err, ) } } - return nil + return current, nil } func (f *Framework) PatchAlertmanagerAndWaitUntilReady(ctx context.Context, name, ns string, spec monitoringv1.AlertmanagerSpec) (*monitoringv1.Alertmanager, error) { @@ -249,7 +256,7 @@ func (f *Framework) PatchAlertmanagerAndWaitUntilReady(ctx context.Context, name return nil, fmt.Errorf("failed to patch Alertmanager %s/%s: %w", ns, name, err) } - err = f.WaitForAlertmanagerReady(ctx, a) + a, err = f.WaitForAlertmanagerReady(ctx, a) if err != nil { return nil, fmt.Errorf("failed to update Alertmanager: %v", err) } @@ -289,6 +296,73 @@ func (f *Framework) PatchAlertmanager(ctx context.Context, name, ns string, spec return p, nil } +func (f *Framework) UpdateAlertmanagerReplicasAndWaitUntilReady(ctx context.Context, name, ns string, replicas int32) (*monitoringv1.Alertmanager, error) { + return f.PatchAlertmanagerAndWaitUntilReady( + ctx, + name, + ns, + monitoringv1.AlertmanagerSpec{ + Replicas: ptr.To(replicas), + }, + ) +} + +func (f *Framework) ScaleAlertmanagerAndWaitUntilReady(ctx context.Context, name, ns string, replicas int32) (*monitoringv1.Alertmanager, error) { + aclient := f.MonClientV1.Alertmanagers(ns) + scale, err := aclient.GetScale(ctx, name, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get Alertmanager scale: %w", err) + } + scale.Spec.Replicas = replicas + + _, err = aclient.UpdateScale(ctx, name, scale, metav1.UpdateOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to update Alertmanager scale: %w", err) + } + a, err := aclient.Get(ctx, name, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to get Alertmanager: %w", err) + } + a, err = f.WaitForAlertmanagerReady(ctx, a) + if err != nil { + return nil, err + } + + return a, nil +} + +func (f *Framework) PatchAlertmanager(ctx context.Context, name, ns string, spec monitoringv1.AlertmanagerSpec) (*monitoringv1.Alertmanager, error) { + b, err := json.Marshal( + &monitoringv1.Alertmanager{ + TypeMeta: metav1.TypeMeta{ + Kind: monitoringv1.AlertmanagersKind, + APIVersion: schema.GroupVersion{Group: monitoring.GroupName, Version: monitoringv1.Version}.String(), + }, + Spec: spec, + }, + ) + if err != nil { + return nil, fmt.Errorf("failed to marshal Alertmanager spec: %w", err) + } + + p, err := f.MonClientV1.Alertmanagers(ns).Patch( + ctx, + name, + types.ApplyPatchType, + b, + metav1.PatchOptions{ + Force: ptr.To(true), + FieldManager: "e2e-test", + }, + ) + + if err != nil { + return nil, err + } + + return p, nil +} + func (f *Framework) ScaleAlertmanagerAndWaitUntilReady(ctx context.Context, name, ns string, replicas int32) (*monitoringv1.Alertmanager, error) { return f.PatchAlertmanagerAndWaitUntilReady( ctx, diff --git a/test/framework/context.go b/test/framework/context.go index 0026c7fdee2..6c4d329a628 100644 --- a/test/framework/context.go +++ b/test/framework/context.go @@ -15,16 +15,24 @@ package framework import ( + "bytes" + "context" + "fmt" + "io" "strconv" "strings" "testing" "time" "golang.org/x/sync/errgroup" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) type TestCtx struct { id string + namespaces []string cleanUpFns []FinalizerFn } @@ -42,9 +50,138 @@ func (f *Framework) NewTestCtx(t *testing.T) *TestCtx { "test", ) - id := prefix + "-" + strconv.FormatInt(time.Now().Unix(), 36) - return &TestCtx{ - id: id, + tc := &TestCtx{ + id: prefix + "-" + strconv.FormatInt(time.Now().Unix(), 36), + } + + tc.cleanUpFns = []FinalizerFn{ + func() error { + t.Helper() + if !t.Failed() { + return nil + } + + // We can collect more information as we see fit over time. + b := &bytes.Buffer{} + tc.collectAlertmanagers(b, f) + tc.collectPrometheuses(b, f) + tc.collectThanosRulers(b, f) + tc.collectPrometheusAgents(b, f) + tc.collectLogs(b, f) + tc.collectEvents(b, f) + + t.Logf("=== %s (start)", t.Name()) + t.Log("") + t.Log(b.String()) + t.Logf("=== %s (end)", t.Name()) + + return nil + }, + } + + return tc +} + +func (ctx *TestCtx) collectLogs(w io.Writer, f *Framework) { + for _, ns := range ctx.namespaces { + pods, err := f.KubeClient.CoreV1().Pods(ns).List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get pods: %v\n", ns, err) + continue + } + + for _, pod := range pods.Items { + err := f.WritePodLogs(context.Background(), w, ns, pod.Name, LogOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get pod logs: %v\n", ns, err) + continue + } + } + } +} + +func (ctx *TestCtx) collectEvents(w io.Writer, f *Framework) { + fmt.Fprintln(w, "=== Events") + for _, ns := range ctx.namespaces { + b := &bytes.Buffer{} + err := f.WriteEvents(context.Background(), b, ns) + if err != nil { + fmt.Fprintf(w, "%s: failed to get events: %v\n", ns, err) + } + } +} + +func collectConditions(w io.Writer, prefix string, conditions []monitoringv1.Condition) { + for _, c := range conditions { + fmt.Fprintf( + w, + "%s: condition type=%q status=%q reason=%q message=%q\n", + prefix, + c.Type, + c.Status, + c.Reason, + c.Message, + ) + } +} + +func (ctx *TestCtx) collectAlertmanagers(w io.Writer, f *Framework) { + fmt.Fprintln(w, "=== Alertmanagers") + for _, ns := range ctx.namespaces { + ams, err := f.MonClientV1.Alertmanagers(ns).List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get alertmanagers: %v\n", ns, err) + continue + } + + for _, am := range ams.Items { + collectConditions(w, fmt.Sprintf("Alertmanager=%s/%s", am.Namespace, am.Name), am.Status.Conditions) + } + } +} + +func (ctx *TestCtx) collectPrometheuses(w io.Writer, f *Framework) { + fmt.Fprintln(w, "=== Prometheuses") + for _, ns := range ctx.namespaces { + ps, err := f.MonClientV1.Prometheuses(ns).List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get prometheuses: %v\n", ns, err) + continue + } + + for _, p := range ps.Items { + collectConditions(w, fmt.Sprintf("Prometheus=%s/%s", p.Namespace, p.Name), p.Status.Conditions) + } + } +} + +func (ctx *TestCtx) collectPrometheusAgents(w io.Writer, f *Framework) { + fmt.Fprintln(w, "=== PrometheusAgents") + for _, ns := range ctx.namespaces { + ps, err := f.MonClientV1alpha1.PrometheusAgents(ns).List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get prometheusagents: %v\n", ns, err) + continue + } + + for _, p := range ps.Items { + collectConditions(w, fmt.Sprintf("PrometheusAgent=%s/%s", p.Namespace, p.Name), p.Status.Conditions) + } + } +} + +func (ctx *TestCtx) collectThanosRulers(w io.Writer, f *Framework) { + fmt.Fprintln(w, "=== ThanosRulers") + for _, ns := range ctx.namespaces { + trs, err := f.MonClientV1.ThanosRulers(ns).List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Fprintf(w, "%s: failed to get thanosrulers: %v\n", ns, err) + continue + } + + for _, tr := range trs.Items { + collectConditions(w, fmt.Sprintf("ThanosRuler=%s/%s", tr.Namespace, tr.Name), tr.Status.Conditions) + } } } diff --git a/test/framework/crd.go b/test/framework/crd.go index acfbb05eb03..062ba39ab95 100644 --- a/test/framework/crd.go +++ b/test/framework/crd.go @@ -108,7 +108,7 @@ func (f *Framework) MakeCRD(source string) (*v1.CustomResourceDefinition, error) // WaitForCRDReady waits for a Custom Resource Definition to be available for use. func WaitForCRDReady(listFunc func(opts metav1.ListOptions) (runtime.Object, error)) error { - err := wait.PollUntilContextTimeout(context.Background(), 3*time.Second, 10*time.Minute, false, func(_ context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(context.Background(), time.Second, 2*time.Minute, false, func(_ context.Context) (bool, error) { _, err := listFunc(metav1.ListOptions{}) if err != nil { if se, ok := err.(*apierrors.StatusError); ok { diff --git a/test/framework/event.go b/test/framework/event.go index 4cc0906895a..07ec92a4c5e 100644 --- a/test/framework/event.go +++ b/test/framework/event.go @@ -17,21 +17,21 @@ package framework import ( "context" "fmt" + "io" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// PrintEvents prints the Kubernetes events to standard out. -func (f *Framework) PrintEvents(ctx context.Context) error { - events, err := f.KubeClient.CoreV1().Events("").List(ctx, metav1.ListOptions{}) +// WriteEvents writes the Kubernetes events for the given namespace. +// If the namespace is empty, all events are written. +func (f *Framework) WriteEvents(ctx context.Context, w io.Writer, ns string) error { + events, err := f.KubeClient.CoreV1().Events(ns).List(ctx, metav1.ListOptions{}) if err != nil { return err } - if events != nil { - fmt.Println("=== Kubernetes events:") - for _, e := range events.Items { - fmt.Printf("FirstTimestamp: '%v', Reason: '%v', Message: '%v'\n", e.FirstTimestamp, e.Reason, e.Message) - } + + for _, e := range events.Items { + fmt.Fprintf(w, "timestamp='%v' namespace=%q reason=%q message=%q\n", e.FirstTimestamp, e.Namespace, e.Reason, e.Message) } return nil diff --git a/test/framework/framework.go b/test/framework/framework.go index 3de199d8465..534eafe832b 100644 --- a/test/framework/framework.go +++ b/test/framework/framework.go @@ -26,8 +26,10 @@ import ( "github.com/blang/semver/v4" "github.com/gogo/protobuf/proto" + "golang.org/x/exp/slices" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -95,9 +97,6 @@ func New(kubeconfig, opImage, exampleDir, resourcesDir string, operatorVersion s } httpc := cli.CoreV1().RESTClient().(*rest.RESTClient).Client - if err != nil { - return nil, fmt.Errorf("creating http-client failed: %w", err) - } mClientV1, err := v1monitoringclient.NewForConfig(config) if err != nil { @@ -274,6 +273,14 @@ func (f *Framework) CreateOrUpdatePrometheusOperatorWithOpts( // Add CRD rbac rules clusterRole.Rules = append(clusterRole.Rules, CRDCreateRule, CRDMonitoringRule) + if slices.Contains(opts.EnabledFeatureGates, "PrometheusAgentDaemonSet") { + daemonsetRule := rbacv1.PolicyRule{ + APIGroups: []string{"apps"}, + Resources: []string{"daemonsets"}, + Verbs: []string{"*"}, + } + clusterRole.Rules = append(clusterRole.Rules, daemonsetRule) + } if err := f.UpdateClusterRole(ctx, clusterRole); err != nil { return nil, fmt.Errorf("failed to update prometheus cluster role: %w", err) } diff --git a/test/framework/helpers.go b/test/framework/helpers.go index 8ca143c5f62..08b718a7163 100644 --- a/test/framework/helpers.go +++ b/test/framework/helpers.go @@ -161,20 +161,6 @@ func podRunsImage(p v1.Pod, image string) bool { return false } -func (f *Framework) GetLogs(ctx context.Context, namespace string, podName, containerName string) (string, error) { - logs, err := f.KubeClient.CoreV1().RESTClient().Get(). - Resource("pods"). - Namespace(namespace). - Name(podName).SubResource("log"). - Param("container", containerName). - Do(ctx). - Raw() - if err != nil { - return "", err - } - return string(logs), err -} - // ProxyGetPod expects resourceName as "[protocol:]podName[:portNameOrNumber]". // protocol is optional and the valid values are "http" and "https". // Without specifying protocol, "http" will be used. diff --git a/test/framework/namespace.go b/test/framework/namespace.go index 4af4fc94f4e..7a8029736f5 100644 --- a/test/framework/namespace.go +++ b/test/framework/namespace.go @@ -17,7 +17,6 @@ package framework import ( "context" "encoding/json" - "fmt" "testing" v1 "k8s.io/api/core/v1" @@ -32,19 +31,21 @@ func (f *Framework) CreateNamespace(ctx context.Context, t *testing.T, testCtx * rn := k8sutil.ResourceNamer{} name, err := rn.UniqueDNS1123Label(name) if err != nil { - t.Fatal(fmt.Errorf("failed to generate a namespace name %v: %w", name, err)) + t.Fatalf("failed to generate namespace %v: %v", name, err) } _, err = f.KubeClient.CoreV1().Namespaces().Create(ctx, &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ - Name: name, + Name: name, + Labels: map[string]string{"app.kubernetes.io/created-by": "e2e-test"}, }, }, metav1.CreateOptions{}) - if err != nil { - t.Fatal(fmt.Errorf("failed to create namespace with name %v: %w", name, err)) + t.Fatalf("failed to create namespace %q: %v", name, err) } + testCtx.namespaces = append(testCtx.namespaces, name) + namespaceFinalizerFn := func() error { return f.DeleteNamespace(ctx, name) } diff --git a/test/framework/pod.go b/test/framework/pod.go index faf1af32fe5..9729f5bd0c7 100644 --- a/test/framework/pod.go +++ b/test/framework/pod.go @@ -32,22 +32,49 @@ import ( "k8s.io/client-go/transport/spdy" ) +type LogOptions struct { + Container string + TailLines int64 + SinceSeconds int64 +} + // PrintPodLogs prints the logs of a specified Pod. -func (f *Framework) PrintPodLogs(ctx context.Context, ns, p string) error { - pod, err := f.KubeClient.CoreV1().Pods(ns).Get(ctx, p, metav1.GetOptions{}) +func (f *Framework) WritePodLogs(ctx context.Context, w io.Writer, ns, pod string, opts LogOptions) error { + p, err := f.KubeClient.CoreV1().Pods(ns).Get(ctx, pod, metav1.GetOptions{}) if err != nil { - return fmt.Errorf("failed to print logs of pod '%v': failed to get pod: %w", p, err) + return fmt.Errorf("failed to get pod %s/%s: %w", ns, pod, err) + } + + var containers []string + for _, c := range p.Spec.Containers { + if opts.Container != "" && c.Name != opts.Container { + continue + } + containers = append(containers, c.Name) } - for _, c := range pod.Spec.Containers { - req := f.KubeClient.CoreV1().Pods(ns).GetLogs(p, &v1.PodLogOptions{Container: c.Name}) + plo := v1.PodLogOptions{} + if opts.TailLines > 0 { + plo.TailLines = &opts.TailLines + } + if opts.SinceSeconds > 0 { + plo.SinceSeconds = &opts.SinceSeconds + } + + for _, c := range containers { + plo.Container = c + req := f.KubeClient.CoreV1().Pods(ns).GetLogs(pod, &plo) resp, err := req.DoRaw(ctx) if err != nil { - return fmt.Errorf("failed to retrieve logs of pod '%v': %w", p, err) + return fmt.Errorf("failed to retrieve logs of container %q (pod %s/%s): %w", c, ns, pod, err) } - fmt.Printf("=== Logs of %v/%v/%v:", ns, p, c.Name) - fmt.Println(string(resp)) + fmt.Fprintf(w, "=== Logs (pod=%s/%s container=%s)\n", ns, pod, c) + _, err = w.Write(resp) + fmt.Fprint(w, "\n") + if err != nil { + return fmt.Errorf("failed to write logs: %w", err) + } } return nil diff --git a/test/framework/prometheus.go b/test/framework/prometheus.go index 612582eec0b..c86053b5ed9 100644 --- a/test/framework/prometheus.go +++ b/test/framework/prometheus.go @@ -68,10 +68,11 @@ type Cert struct { } type PromRemoteWriteTestConfig struct { - ClientKey Key - ClientCert Cert - CA Cert - InsecureSkipVerify bool + ClientKey Key + ClientCert Cert + CA Cert + InsecureSkipVerify bool + RemoteWriteMessageVersion *monitoringv1.RemoteWriteMessageVersion } func (f *Framework) CreateCertificateResources(namespace, certsDir string, prwtc PromRemoteWriteTestConfig) error { @@ -178,6 +179,11 @@ func (f *Framework) CreateCertificateResources(namespace, certsDir string, prwtc } func (f *Framework) MakeBasicPrometheus(ns, name, group string, replicas int32) *monitoringv1.Prometheus { + promVersion := operator.DefaultPrometheusVersion + // Because Prometheus 3 is supported from version 0.77.0 only + if os.Getenv("TEST_EXPERIMENTAL_PROMETHEUS") == "true" && f.operatorVersion.Minor >= 77 { + promVersion = operator.DefaultPrometheusExperimentalVersion + } return &monitoringv1.Prometheus{ ObjectMeta: metav1.ObjectMeta{ Name: name, @@ -187,7 +193,7 @@ func (f *Framework) MakeBasicPrometheus(ns, name, group string, replicas int32) Spec: monitoringv1.PrometheusSpec{ CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ Replicas: &replicas, - Version: operator.DefaultPrometheusVersion, + Version: promVersion, ServiceMonitorSelector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "group": group, @@ -217,7 +223,8 @@ func (f *Framework) MakeBasicPrometheus(ns, name, group string, replicas int32) // AddRemoteWriteWithTLSToPrometheus configures Prometheus to send samples to the remote-write endpoint. func (prwtc PromRemoteWriteTestConfig) AddRemoteWriteWithTLSToPrometheus(p *monitoringv1.Prometheus, url string) { p.Spec.RemoteWrite = []monitoringv1.RemoteWriteSpec{{ - URL: url, + URL: url, + MessageVersion: prwtc.RemoteWriteMessageVersion, QueueConfig: &monitoringv1.QueueConfig{ BatchSendDeadline: (*monitoringv1.Duration)(ptr.To("1s")), }, @@ -285,8 +292,7 @@ func (prwtc PromRemoteWriteTestConfig) AddRemoteWriteWithTLSToPrometheus(p *moni } func (f *Framework) EnableRemoteWriteReceiverWithTLS(p *monitoringv1.Prometheus) { - p.Spec.EnableFeatures = []monitoringv1.EnableFeature{"remote-write-receiver"} - + p.Spec.EnableRemoteWriteReceiver = true p.Spec.Web = &monitoringv1.PrometheusWebSpec{ WebConfigFileFields: monitoringv1.WebConfigFileFields{ TLSConfig: &monitoringv1.WebTLSConfig{ @@ -323,7 +329,7 @@ func (f *Framework) AddAlertingToPrometheus(p *monitoringv1.Prometheus, ns, name p.Spec.Alerting = &monitoringv1.AlertingSpec{ Alertmanagers: []monitoringv1.AlertmanagerEndpoints{ { - Namespace: ns, + Namespace: ptr.To(ns), Name: fmt.Sprintf("alertmanager-%s", name), Port: intstr.FromString("web"), }, @@ -800,13 +806,14 @@ func (f *Framework) PrintPrometheusLogs(ctx context.Context, t *testing.T, p *mo replicas := int(*p.Spec.Replicas) for i := 0; i < replicas; i++ { - l, err := f.GetLogs(ctx, p.Namespace, fmt.Sprintf("prometheus-%s-%d", p.Name, i), "prometheus") + b := &bytes.Buffer{} + err := f.WritePodLogs(ctx, b, p.Namespace, fmt.Sprintf("prometheus-%s-%d", p.Name, i), LogOptions{Container: "prometheus"}) if err != nil { t.Logf("failed to retrieve logs for replica[%d]: %v", i, err) continue } t.Logf("Prometheus %q/%q (replica #%d) logs:", p.Namespace, p.Name, i) - t.Logf("%s", l) + t.Log(b.String()) } } diff --git a/test/framework/prometheusagent.go b/test/framework/prometheusagent.go index 368cb6869b1..87f635e12ac 100644 --- a/test/framework/prometheusagent.go +++ b/test/framework/prometheusagent.go @@ -25,6 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" + wait "k8s.io/apimachinery/pkg/util/wait" "k8s.io/utils/ptr" "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring" @@ -66,15 +67,49 @@ func (f *Framework) MakeBasicPrometheusAgent(ns, name, group string, replicas in } } +func (f *Framework) MakeBasicPrometheusAgentDaemonSet(ns, name string) *monitoringv1alpha1.PrometheusAgent { + return &monitoringv1alpha1.PrometheusAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: ns, + Annotations: map[string]string{}, + }, + Spec: monitoringv1alpha1.PrometheusAgentSpec{ + Mode: ptr.To("DaemonSet"), + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + PodMonitorSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "group": name, + }, + }, + }, + }, + } +} + func (f *Framework) CreatePrometheusAgentAndWaitUntilReady(ctx context.Context, ns string, p *monitoringv1alpha1.PrometheusAgent) (*monitoringv1alpha1.PrometheusAgent, error) { result, err := f.MonClientV1alpha1.PrometheusAgents(ns).Create(ctx, p, metav1.CreateOptions{}) if err != nil { return nil, fmt.Errorf("creating %v prometheus-agent instances failed (%v): %v", p.Spec.Replicas, p.Name, err) } - result, err = f.WaitForPrometheusAgentReady(ctx, result, 5*time.Minute) - if err != nil { - return nil, fmt.Errorf("waiting for %v prometheus-agent instances timed out (%v): %v", p.Spec.Replicas, p.Name, err) + if ptr.Deref(p.Spec.Mode, "StatefulSet") == "DaemonSet" { + err = f.WaitForPrometheusAgentDSReady(ctx, ns, p) + if err != nil { + return nil, fmt.Errorf("waiting for prometheus-agent DaemonSet timed out (%v): %v", p.Name, err) + } + } else { + result, err = f.WaitForPrometheusAgentReady(ctx, result, 5*time.Minute) + if err != nil { + return nil, fmt.Errorf("waiting for %v prometheus-agent instances timed out (%v): %v", p.Spec.Replicas, p.Name, err) + } } return result, nil @@ -110,6 +145,40 @@ func (f *Framework) WaitForPrometheusAgentReady(ctx context.Context, p *monitori return current, nil } +func (f *Framework) WaitForPrometheusAgentDSReady(ctx context.Context, ns string, p *monitoringv1alpha1.PrometheusAgent) error { + var pollErr error + if err := wait.PollUntilContextTimeout(ctx, 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { + name := fmt.Sprintf("prom-agent-%s", p.Name) + // TODO: Implement UpdateStatus() for DaemonSet and check status instead of using Get(). + dms, err := f.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, name, metav1.GetOptions{}) + if err != nil { + pollErr = fmt.Errorf("failed to get Prometheus Agent DaemonSet: %w", err) + return false, nil + } + + if dms.ObjectMeta.DeletionTimestamp != nil { + pollErr = fmt.Errorf("Prometheus Agent DaemonSet deletion in progress") + return false, nil + } + + if dms.Status.NumberUnavailable > 0 { + pollErr = fmt.Errorf("Prometheus Agent DaemonSet is not available") + return false, nil + } + + if dms.Status.NumberReady == 0 { + pollErr = fmt.Errorf("Prometheus Agent DaemonSet is not ready") + return false, nil + } + + return true, nil + }); err != nil { + return fmt.Errorf("%v: %w", pollErr, err) + } + + return nil +} + func (f *Framework) DeletePrometheusAgentAndWaitUntilGone(ctx context.Context, ns, name string) error { _, err := f.MonClientV1alpha1.PrometheusAgents(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { @@ -133,6 +202,28 @@ func (f *Framework) DeletePrometheusAgentAndWaitUntilGone(ctx context.Context, n return nil } +func (f *Framework) DeletePrometheusAgentDSAndWaitUntilGone(ctx context.Context, p *monitoringv1alpha1.PrometheusAgent, ns, name string) error { + if err := f.MonClientV1alpha1.PrometheusAgents(ns).Delete(ctx, name, metav1.DeleteOptions{}); err != nil { + return fmt.Errorf("deleting PrometheusAgent custom resource %v failed: %w", name, err) + } + + var pollErr error + if err := wait.PollUntilContextTimeout(ctx, 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { + dmsName := fmt.Sprintf("prom-agent-%s", p.Name) + dms, _ := f.KubeClient.AppsV1().DaemonSets(ns).Get(ctx, dmsName, metav1.GetOptions{}) + if dms.Status.NumberAvailable != 0 { + pollErr = fmt.Errorf("Prometheus Agent DaemonSet still exists after deleting") + return false, nil + } + + return true, nil + }); err != nil { + return fmt.Errorf("%v: %w", pollErr, err) + } + + return nil +} + func (f *Framework) PatchPrometheusAgent(ctx context.Context, name, ns string, spec monitoringv1alpha1.PrometheusAgentSpec) (*monitoringv1alpha1.PrometheusAgent, error) { b, err := json.Marshal( &monitoringv1alpha1.PrometheusAgent{ @@ -190,7 +281,12 @@ func (f *Framework) PatchPrometheusAgentAndWaitUntilReady(ctx context.Context, n return nil, fmt.Errorf("failed to patch prometheus agent %s/%s: %w", ns, name, err) } - p, err = f.WaitForPrometheusAgentReady(ctx, p, 5*time.Minute) + if ptr.Deref(p.Spec.Mode, "StatefulSet") == "DaemonSet" { + err = f.WaitForPrometheusAgentDSReady(ctx, ns, p) + } else { + p, err = f.WaitForPrometheusAgentReady(ctx, p, 5*time.Minute) + } + if err != nil { return nil, err } diff --git a/test/framework/resources/basic-app-for-daemonset-test.yaml b/test/framework/resources/basic-app-for-daemonset-test.yaml new file mode 100644 index 00000000000..7287986c227 --- /dev/null +++ b/test/framework/resources/basic-app-for-daemonset-test.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app-for-daemonset-test + labels: + group: test +spec: + replicas: 2 + selector: + matchLabels: + group: test + template: + metadata: + labels: + group: test + spec: + containers: + - name: example-app + image: quay.io/prometheus-operator/instrumented-sample-app:latest + imagePullPolicy: IfNotPresent + ports: + - name: web + containerPort: 8080 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: group + operator: In + values: + - test + topologyKey: "kubernetes.io/hostname" \ No newline at end of file